Frequently asked questions

Bapla Secrets is a secure secret-sharing platform built by Bapla Digital. It lets you share passwords, API keys, tokens, certificates, and any sensitive text or file via self-destructing, end-to-end encrypted links. It is designed for developers, DevOps engineers, and security-conscious teams.

Every secret is encrypted in your browser using AES-256-GCM before it is sent to our servers. The encryption key is derived from a randomly generated password via PBKDF2 with 600,000 iterations and SHA-256. This password is placed in the URL fragment (the part after #), which your browser never sends to our servers. Only someone with the full URL can decrypt the secret.

No. Bapla operates on a zero-knowledge architecture. Because the decryption key is in the URL fragment and never transmitted to our servers, we receive and store only ciphertext. We are technically unable to read any secret stored on our platform.

When a secret reaches its view limit (e.g., after one view) or its time-based expiry, the encrypted content is permanently and irreversibly deleted from our database. It is not archived, not moved, and cannot be recovered — even by Bapla support.

Yes. You can self-host the open-source version on your own infrastructure completely for free. Alternatively, you can sign up for the cloud plan, which requires no credit card to get started and is billed at 10€/year per workspace.

The cloud plan costs 10€ per workspace per year, which includes 1 user. Additional team members are billed at 1€ per user per year. There are no other fees or hidden charges.

Yes. Bapla Secrets is open source (MIT license) and fully self-hostable. You can deploy it on any server using Docker Compose in just a few minutes. You retain full control over your data, your storage, and your infrastructure. Documentation and source code are available on GitLab.

You can share any file type — there are no restrictions on file format. Files are encrypted end-to-end before upload, just like text secrets. Common use cases include SSH private keys, TLS certificates, .env files, and encrypted archives.

Yes. Bapla Digital is a European company and Bapla Secrets is designed with GDPR compliance in mind. Data is stored in Europe, we collect minimal personal data, and our zero-knowledge architecture means we cannot access the content of your secrets. You can request deletion of your account and all associated data at any time.

You can cancel your subscription at any time from your workspace settings under the Billing section. Your workspace will remain active until the end of the current billing period. No questions asked, no cancellation fees.