v0.3.0 beta
$

drop_

Secure end-to-end encrypted secret sharing. Zero-knowledge by design.

  • AES-256-GCM Encryption
  • Automatic Burn-on-Read
  • Native Pipe & Stream Support
  • Zero-Configuration Setup
# Execute to install via shell
curl -sL getdrop.dev/install.sh | bash
Quick Start
# Pass a string drop "secret"
# Pipe stdout cat .env | drop

docs_

Architecture

Drop encrypts data locally before it leaves your machine. It uses AES-256-GCM with a unique key generated for every secret. The server only sees an encrypted, anonymous blob.

Security Model

Every "Drop" consists of two parts: the encrypted payload on our servers and the decryption key in your shared token. Since tokens are never stored, we have Zero-Knowledge of your content.

command_reference.sh

Create

Encrypt and upload. Returns a retrieval token.

drop [data]
Retrieve

Fetch and decrypt.

drop get [token]
Purge

Immediate server-side destruction without reading.

drop purge [token]
Stream

Pipe stdout directly into a secure drop.

cat .env | drop
Redirect

Redirect stdout to a file.

drop get [token] > .env
Optional Flags

Set custom expiry (minutes) or read limits.

--ttl 60 --reads 5

faq_

Is Drop Zero-Knowledge?

Encryption keys are generated locally and never touch our servers. We only store an AES-256-GCM encrypted blob that is unreadable to us. Data is unrecoverable without your token.

What is "Burn-on-Read"?

Secrets self-destruct after being viewed. While a Drop is deleted by default after its first retrieval, you can set custom read limits. Once reached, data is permanently purged.

Can I self-host?

Absolutely. Both the API and CLI are entirely open-source. You can audit, fork, or deploy the core API today to maintain total control over your own infrastructure.

What are the limits?

Drop is built for speed. Each Drop is capped at a 1MB payload limit—ideal for secure credentials, text snippets, logs, or small configuration documents.