All content is encrypted using XSalsa20-Poly1305 via libsodium extension before being written to the database. The encryption key is stored separately from the database and loaded only via environment variable — never committed to source code.
⚡
Atomic burn-after-read
One-time secrets use a database-level atomic UPDATE with a conditional WHERE clause. Only one concurrent viewer can ever successfully transition a secret from "active" to "viewed" — preventing race conditions where two requests could both read the same secret.
🤖
Bot-proof reveal gate
Secrets are never returned in the initial GET request. A POST with a CSRF token and explicit user interaction is required. This prevents Telegram, Slack, Zalo, and other chat apps from consuming your one-time secret via link preview crawlers.
🛡️
CSRF protection on every form
All state-changing operations (create, delete, reveal) require a valid CSRF token tied to the server-side session. Tokens are compared with hash_equals() to prevent timing attacks.
🔑
Argon2id password hashing
User passwords and secret access passwords are hashed using Argon2id (PHP's PASSWORD_ARGON2ID) with tuned memory and time cost parameters — resistant to GPU and ASIC brute-force attacks.
📉
Rate limiting
Creation, viewing, and login endpoints are rate-limited per IP and per account using Redis sliding window counters. Anonymous users are limited to 10 secrets/hour; registered users to 100/hour.
🚫
No caching of secret content
Secret view pages are served with Cache-Control: no-store, Pragma: no-cache, and Expires: 0 to prevent browsers, proxies, and CDNs from caching decrypted content.
🗑️
Automatic data deletion
A background worker runs every 5 minutes to hard-delete expired and viewed secrets from the database. Viewed one-time secrets are purged within 24 hours. Access logs are retained for 30 days then deleted.
Note on end-to-end encryption: Encryption currently happens server-side. This means Anthropic technically has access to the plaintext during processing. If your threat model requires true E2E encryption (where even the server never sees plaintext), consider an additional client-side encryption layer before pasting.