From client-side encryption to self-destructing links, every feature is designed with security and simplicity in mind.
Every secret is encrypted in your browser using AES-256-GCM before it ever reaches our servers. The encryption key is derived from a random password using PBKDF2 with 600,000 iterations and SHA-256. The key is embedded in the URL fragment — which browsers never send to servers — so only the recipient with the full link can decrypt the secret.
Set your secret to self-destruct after a single view or after a time period (24 hours, 7 days, 30 days). Once a secret reaches its view limit or expiry, the encrypted content is permanently wiped from our database — not archived, not recoverable. Even Bapla cannot restore it.
Share any type of sensitive data: passwords, API keys, private certificates, SSH keys, environment files, or any file up to your plan limit. All content is encrypted end-to-end before upload. Files are stored encrypted and only decryptable by the holder of the secret link.
Organize your team with multi-tenant workspaces. Invite colleagues with fine-grained role-based access: Owner, Admin, or Member. Owners can manage billing and workspace settings. Admins can manage secrets and users. Members can create and view secrets within their access scope.
Bring your own domain to white-label your secret-sharing experience. Configure a custom subdomain (e.g., secrets.yourcompany.com) via a simple DNS CNAME record. Perfect for enterprise teams that need brand consistency and compliance with internal policies.
Create, read, and manage secrets programmatically via a RESTful API. Generate per-workspace API keys from your settings panel. Integrate Bapla Secrets into your CI/CD pipelines, deployment scripts, or internal tools. Full OpenAPI documentation available.
Send a secret directly to a recipient by email. The recipient receives a link in their inbox — they never need an account. The link is one-time and expires automatically. Ideal for onboarding new teammates or sharing credentials with clients.
Bapla Secrets is fully open source (MIT license) and designed to be self-hosted on your own infrastructure. Deploy on any server with Docker Compose in minutes. You control your data, your storage, and your encryption keys. The cloud plan simply funds ongoing development.