Zero-knowledge · Self-destructing · Encrypted
Notes that disappear.
Keys that never leave you.
Send a secret message, a password, a private thought — encrypted in your browser, destroyed after reading. We hold the ciphertext. You hold the key. We can never combine them.
5 free notes when you register. No credit card required.
The cryptographic model
Half the key is in the link. Half is on our server.
We never have both.
// When you create a note:
randomToken = 64 hex chars
tokenId = first 32 chars → stored on server
secret = last 32 chars → embedded in link only
key = SHA-256( secret )
ciphertext = AES-256-GCM( content, key )
// Server stores: tokenId + ciphertext
// Link contains: tokenId + secret
// Server alone: useless. Link alone: useless.
You create
Browser encrypts. Secret stays in the URL. We get only a locked box.
You share
Send the link. The key travels with it — invisible in the URL fragment.
They reveal
One click. Content decrypted in their browser. View count decrements. Gone forever.
How it works
- 1
Write your note
Type anything — a password, an address, a confession. Set how many times it can be viewed (1 to 100). Optionally add a title.
- 2
Your browser encrypts it
Before anything leaves your device, your browser generates a random encryption key and encrypts the note with AES-256-GCM. The key never travels to our server.
- 3
Share the link
You get a unique URL. The decryption key is embedded in the link itself. Send it over any channel you'd trust with the secret.
- 4
It self-destructs
After the view limit is reached — or after 24 hours — the encrypted note is permanently deleted from our servers. There is no recovery. It goes into the void.
What people send
Passwords
Share a temporary credential without leaving it in chat logs.
API keys
Hand off a secret to a colleague, then know it's gone.
Private notes
Write something that should only be read once.
Recovery codes
Send 2FA backup codes that vanish after use.
Sensitive links
Share a private URL that expires after one click.
Anything private
If you'd regret it staying in someone's inbox, send it here.
Works from the terminal
VoidNote isn't just browser-to-browser. The API is plain JSON over HTTPS — readable by any HTTP client, any script, any AI coding assistant with access to a terminal.
Read a note from the shell
# recipient runs this once — note is gone after
curl -s \
"https://voidnote.net/api/note/${TOKEN}" \
| jq -r '.content'
my-secret-api-key-1234
# note destroyed. not stored anywhere.
CI / deployment pipeline
# In your pipeline step
SECRET=$(curl -s \
"https://voidnote.net/api/note/$NOTE_URL" \
| jq -r '.content')
deploy --key "$SECRET"
# $NOTE_URL is a CI env var.
# The secret itself never enters CI config.
Human → Agent credential handoff
Most teams share secrets over Slack, email, or a `.env` file committed to a private repo. VoidNote makes single-use credential delivery as simple as pasting a link.
- 1 Generate an API key or database credential
- 2 Create a VoidNote with 1 view — takes 5 seconds
- 3 Paste the link into your AI coding assistant's context, your CI runner, or your colleague's terminal
- 4 The agent fetches the secret, uses it, and the note self-destructs — it was never in a config file, a chat log, or a commit
The secret existed in transit for seconds. No secrets manager subscription. No vault server to operate.
Just a URL that works once and then ceases to exist.
Pricing
Credits. No subscription. Buy once, use whenever.
5
notes
Free
On registration
100
notes
$5
$0.05 / note
500
notes
$20
$0.04 / note
1,000
notes
$35
$0.035 / note
Credits never expire. Pay with USDT, USDC, ETH, or BTC via AlchemyPay.
What we can't do
- ✓ Read your notes — the key never reaches us
- ✓ Recover a destroyed note — deletion is permanent
- ✓ Prevent expiry — 24h maximum lifetime, enforced server-side
- ✓ Access your account without your password — we don't store it in recoverable form