SnapPass alternative
SnapPass solves the "no more passwords in Slack" problem for engineering teams who can run their own infrastructure. VoidNote solves the same problem without the Redis server, the deployment, or the maintenance — and with encryption the server genuinely cannot break.
What SnapPass is
SnapPass is an open-source Python/Flask app built by Pinterest to share passwords securely within teams. It stores secrets in Redis with a TTL, generates a one-time-use link, and deletes the entry after the link is clicked. It's simple, well-understood, and trusted by a lot of ops teams.
The limitation is structural: SnapPass encrypts server-side, meaning whoever runs the Redis instance can read every secret stored in it. For internal tooling where the same ops team controls both the app and the secrets, that may be an acceptable trade-off. For teams that want cryptographic separation between the service and the content, it isn't.
Zero-knowledge without the infrastructure
VoidNote does what SnapPass does — one-time-use links for sharing secrets — but the encryption key never touches the server. It's derived from a random value that lives only in the URL fragment. The server stores an encrypted blob it cannot decode.
There's no Redis to run, no Docker container to maintain, no deployment pipeline to set up. The service is hosted on Cloudflare's global edge network — low latency everywhere, no cold starts, no single-region outage risk.
SnapPass: secret → Flask → Redis (server-encrypted) → link
[server can read the secret at every step]
VoidNote: secret → AES-256-GCM in browser → API → D1
[server only ever sees: tokenId + ciphertext + iv]
For teams that were going to self-host SnapPass
The usual reason for self-hosting SnapPass is keeping secrets off third-party infrastructure. That's a legitimate concern — but self-hosting moves the trust to your own Redis server and whoever has access to it, not to cryptographic impossibility.
VoidNote is a different model. Instead of moving trust to your own server, it removes server-trust entirely. No privileged insider, no cloud provider, no us — can read your notes. You audit the client-side code (it's open source) and verify that the key never leaves the browser. That's the assurance SnapPass can't provide regardless of who hosts it.
If your team has compliance requirements that mandate on-premises data, SnapPass or a similar self-hosted tool may still be the right choice. If your requirement is genuine confidentiality — that nobody except the intended recipient can read the secret — VoidNote's model is stronger.
Feature comparison
| Feature | SnapPass | VoidNote |
|---|---|---|
| Destroys after reading | ✓ | ✓ |
| Client-side encryption (zero-knowledge) | ✗ | ✓ |
| Server cannot read your content | ✗ | ✓ |
| Password protection | ✓ | ✓ |
| No infrastructure to maintain | ✗ | ✓ |
| CLI tool | ✗ | ✓ |
| API / SDK (TypeScript, Python, Go…) | ✗ | ✓ |
| Encrypted file vault | ✗ | ✓ |
| Live encrypted streams | ✗ | ✓ |
| Global edge (no cold starts) | ✗ | ✓ |
| Open source | ✓ | ✓ |
| Self-hostable | ✓ | ✗ |
Get started
VoidNote works immediately — no deployment, no ops work. The free tier covers day-to-day team usage. If you're evaluating it for an engineering team, Void Pro or Void Unlimited removes all credit limits.