Cryptgeon is a self-hostable, open-source platform for sharing encrypted notes and files that vanish after being viewed or after a set time. Inspired by PrivNote, it ensures complete privacy by encrypting content on the client side using AES-256-GCM before transmission—meaning the server never sees the decryption key or plaintext data. Designed for developers and privacy-conscious users, Cryptgeon eliminates persistent storage risks by keeping all notes in memory only. It supports both web and CLI interfaces, with optional Raycast integration for quick access from your desktop.
The system is built in Rust and Svelte, with Redis serving as an ephemeral data store. Its architecture guarantees that even if the server is compromised, encrypted notes remain unreadable without the unique key embedded in the share link. This makes Cryptgeon ideal for sharing sensitive information like passwords, API keys, or confidential documents without leaving a trace.
What You Get
- Client-side AES-256-GCM encryption - Notes and files are encrypted in the browser or CLI before being sent to the server; the server only stores ciphertext and never has access to the encryption key.
- Ephemeral storage with no disk persistence - All data is stored in Redis memory only, configured to avoid writes to disk using —save "" and —appendonly no, ensuring complete data erasure after deletion.
- Configurable view limits and expiration - Set maximum views (default 100) and max expiration time (default 360 minutes), with options to enforce single-view notes for maximum security.
- Text and file sharing support - Users can share both plain text notes and files up to 512 MiB (with ~35% encoding overhead accounted for in UI)
- CLI and Raycast integration - Send secure notes directly from the terminal using
npx cryptgeon send text "..." or via an official Raycast extension for macOS users.
- Self-hostable with Docker, NGINX, Traefik, and Synology support - Deploy easily using pre-built Docker images or from scratch with provided configuration examples.
Common Use Cases
- Building a secure internal communication channel - Teams sharing temporary credentials, API keys, or audit logs without leaving traces on servers or in chat logs.
- Sending sensitive documents with expiration - Legal or HR departments sharing confidential contracts or employee records that auto-delete after one view to comply with data minimization policies.
- Problem: Sending passwords via email → Solution: Use Cryptgeon - Users need to share one-time passwords or recovery codes securely; Cryptgeon ensures the link expires after viewing and leaves no server logs.
- DevOps teams managing ephemeral secrets - Engineers using the CLI to send temporary access tokens or deployment keys during CI/CD workflows, with zero disk footprint on production servers.
Under The Hood
Cryptgeon is a privacy-focused encryption service that enables secure file and text sharing through a modular architecture combining Rust, Svelte, and Node.js. It provides both web and CLI interfaces with a focus on cross-platform compatibility and extensibility.
Architecture
This project adopts a modular monolithic design with distinct layers for backend logic, CLI interaction, and frontend presentation. The architecture emphasizes separation of concerns and clear boundaries between components.
- Modular backend built with Rust ensures core logic isolation and performance
- CLI and web interfaces share common adapters for consistent encryption handling
- Clear data flow from user input to storage and presentation layers
- Support for Docker and reverse proxy configurations enhances deployment flexibility
Tech Stack
The system leverages a modern full-stack tech stack with Rust, Svelte, and Node.js to deliver a secure and scalable solution.
- Rust backend for high-performance and memory-safe core operations
- Svelte with TypeScript for reactive and type-safe frontend components
- Node.js CLI tools with TypeScript for cross-platform command-line support
- Vite and tsup for efficient frontend and CLI builds, complemented by Docker for deployment
Code Quality
The codebase shows a balanced approach to testing and development practices, with room for improvement in test coverage and error handling.
- Extensive use of end-to-end testing with Playwright for web and CLI functionality
- Moderate adherence to coding conventions and module organization
- Error handling in Rust relies on unwrapping patterns, indicating potential for improvement
- TypeScript adoption enhances type safety and developer experience
What Makes It Unique
Cryptgeon stands out through its integration of secure encryption with a modular and cross-platform architecture.
- Modular backend design allows for extensibility and maintainability across components
- Unified CLI and web interfaces with shared encryption logic ensure consistent user experience
- Built-in internationalization support enables multi-language accessibility in the frontend
- Deployment-ready features like Docker and reverse proxy support streamline production setups