Self-hosted, zero-knowledge one-time secret links — your server can't read what it stores.
Every team shares secrets: a database password, a Stripe key, a server login. It ends up pasted into Slack, email, or a ticket — where it sits forever, searchable, in a dozen inboxes and backups. The quick share becomes a permanent liability.
Hosted one-time secret tools help, but most still put your plaintext on somebody else's server and ask you to trust them. For credentials, that trust is the whole problem.
AES-256-GCM encryption happens in the browser with a key generated locally that never reaches the server.
Destroy a secret after one view, or set a custom view limit.
Expire links anywhere from 1 hour to 30 days, or never.
Add a second factor (PBKDF2-SHA-256, 150k iterations) the recipient must also know.
Require sign-in to create secrets, then review who made and viewed what — metadata only, never contents.
Runs on PHP 8+ with MySQL or SQLite on standard shared hosting, with no subscription or per-secret fees.
Checkout isn't open yet. Leave your email and we'll send one note the moment Secreta can be purchased — nothing else.
Two-minute web installer; PHP 8+ with pdo and openssl, MySQL or SQLite, standard shared-hosting compatible; HTTPS required in production.
No — the random encryption key is generated in the browser and placed in the URL fragment after the #, which browsers never send in HTTP requests. The server receives only ciphertext and an IV, so it has no key to decrypt with.
Ciphertext (encrypted a second time at rest), an IV, and metadata: expiry, view count, a passphrase-protected flag, and a salted one-way hash of the creator's IP. Never plaintext, never the key, never a passphrase.
Yes — HTTPS is required in production because browser Web Crypto needs a secure context.
No — Secreta shares text secrets such as passwords, keys, and notes; it does not share files.
No — and that's the point. Once a secret is viewed or expired, it's destroyed, and the server never had the key. Create a new one.
The live demo is being prepared — check back shortly.
Demo — coming soon