OneTimeSecret Alternative with Client-Side Encryption

Open-source server-side encryption vs zero-knowledge client-side encryption.

How OneTimeSecret works

Paste a secret, get a link. The recipient opens the link and reads the secret. OneTimeSecret uses server-side AES-256 encryption. Your secret goes to the server as plain text over HTTPS, gets encrypted at rest, and is decrypted for the recipient. The server handles the plaintext at both ends.

What OTS does well

OTS is open source. The code is public, so you can inspect the encryption logic and run your own instance. That's a genuine advantage over closed-source alternatives like Privnote. Self-hosting gives you control over the server, the storage, and the deletion logic. The project has been around since 2012 and has a straightforward codebase.

Where the gap is

The encryption happens on the server, not in your browser. Even with open-source code, the server processes your secret in readable form. If you self-host, you're the operator and you trust yourself. If you use the hosted version, you're trusting their server.

Users have requested client-side encryption, but it's not on the OTS roadmap. OTS is also text-only. No file attachments. Anonymous sharing is limited to 100 KB with a 7-day maximum expiry.

Client-side encryption

With Secret.Broker, your browser encrypts the secret with XChaCha20-Poly1305 before anything goes to the server. The encryption key stays in the URL fragment. The server stores ciphertext it can't decrypt. The protocol page documents the full stack, including Argon2id key derivation and domain binding.

Feature comparison

  • OneTimeSecret: server-side AES-256, open source, self-hostable, text only, 100 KB anonymous / 1 MB free, 1 view, 7-14 day expiry
  • Secret.Broker: client-side XChaCha20-Poly1305, file attachments up to 20 MB, view limits 1-25, expiry 15 min to 30 days, paranoid mode, no account needed

Also compare: vs Privnote and vs Password Pusher.

Common questions

Is OneTimeSecret secure?

OTS uses server-side AES-256 encryption. Your secret travels to their server as plain text over HTTPS, gets encrypted at rest, and is decrypted for the recipient. The code is open source, so you can verify this. The server has access to your secret in readable form. For a zero-knowledge alternative, you need client-side encryption, where the server never sees the plaintext.

Can I self-host OneTimeSecret?

Yes, OTS is open source and self-hostable. If you run your own instance, you control the server. But the encryption is still server-side, meaning the server (yours, in this case) processes the secret in plain text. Self-hosting addresses the trust-the-operator problem but not the encryption architecture.

What are the limits of OneTimeSecret?

Anonymous users can share up to 100 KB with a 7-day expiry. Free accounts get 1 MB and 14 days. OTS is text-only with no file attachments. The view limit is always 1. For sharing API keys or config files, a text-only tool means pasting contents and hoping the formatting holds.