Stasher is a tiny CLI tool that lets you share encrypted secrets that burn after reading — no accounts, no logins, no servers to trust.
I built it because I just wanted to share a password. Not spin up infra. Not register for some "secure" web app. Not trust Slack threads. Just send a secret.
Secrets are encrypted client-side with AES-256-GCM. You get a `uuid:key` token to share. Once someone reads it, it's gone. If they don't read it in 10 minutes, it expires and deleted.
Everything is verifiable. Every release is signed, SLSA-attested, SBOM-included, and logged in the Rekor transparency log. Every line of code is public.
There's also a browser-based companion: https://app.stasher.dev — works in a sandboxed popup using the same encrypted model. Share from the terminal, pick up in the browser.
No data stored unencrypted. No metadata. No logs. No surveillance.
---
GitHub (CLI): https://github.com/stasher-dev/stasher-cli GitHub (App): https://github.com/stasher-dev/stasher-app API (Cloudflare Worker): https://github.com/stasher-dev/stasher-api CI/CD (Open): https://github.com/stasher-dev/stasher-ci NPM: https://www.npmjs.com/package/stasher-cli Website: https://stasher.dev Browser App: https://app.stasher.dev (runs in sandbox from https://dev.stasher)
Built with Cloudflare Workers, KV, and Durable Objects. All code open, auditable, and signed.
Try it:
```bash npx enstash "vault code is 1234#" npx destash "uuid:base64key"
thanks for reading
Comments URL: https://news.ycombinator.com/item?id=44823262
Points: 32
# Comments: 27
Ak chcete pridať komentár, prihláste sa
Ostatné príspevky v tejto skupine
Article URL: https://croissanthology.com/earring
Comments URL: https://news.ycombin
Article URL: https://spillhistorie.no/2025/07/31/maybe-we-should-do-an-updated-version/
Comments URL
