PIN-protected secret sharing with client-side encryption
PIN + Client-side encryption + Ephemeral tokens. Your secrets are protected even if the server is compromised.
6-digit PIN adds an extra layer of security. Even with encrypted data and server access, secrets remain protected without the PIN.
All encryption happens in your browser or client. We never see your secrets, only encrypted blobs and token hashes.
Single-use tokens that self-destruct after access. Configurable TTL ensures secrets don't linger longer than needed.
Built with Axum and Redis for blazing fast performance. Rate limiting and security hardening included.
Python utilities for encrypting .env files, CLI tools, and a React frontend. Integrate however you want.
Web app, CLI tools, Python package, or integrate directly via our REST API. Choose your workflow.
Get up and running in minutes
# Clone and start the backend
git clone https://github.com/streetsmart-ai/zkshare.git
cd zkshare/backend
docker run -d --rm -p 6379:6379 redis &
cargo run
# Encrypt your environment variables with PIN
cd zkdotenv
python3 test_zkcloud_encrypt.py
# Uses PIN: 123456 - creates .zk.env
# Creates .zk.env - safely commit this to git
# Share a secret via the web interface
cd frontend
npm install && npm run dev
# Visit http://localhost:5173How zkshare protects your secrets
# Encryption Flow:
1. User enters secret + 6-digit PIN
2. Client generates tokenA + tokenB
3. Client derives key from: tokenA + PIN
4. Client encrypts secret with derived key
5. Server stores: tokenA
6. Client stores: tokenB + encrypted data
# Decryption Flow:
1. User enters 6-digit PIN
2. Client sends tokenB to server
3. Server returns tokenA
4. Client derives key from: tokenA + PIN
5. Client decrypts secret
6. Server deletes token (single-use)