Enclosed is a minimalist, open-source web application designed for securely sharing private notes and files through end-to-end encryption. Unlike traditional pastebins, Enclosed ensures that the server never has access to unencrypted content—encryption and decryption occur entirely on the client side using AES-GCM and PBKDF2. This makes it ideal for users who need to share sensitive information—like passwords, API keys, or confidential messages—without trusting the server. The app supports configurable security options including password protection, time-to-live (TTL) expiration, and self-destruction after reading. It’s built for simplicity, privacy, and ease of use, with a responsive UI that works across devices and supports dark mode. Enclosed is also fully self-hostable, making it suitable for individuals or teams who want full control over their data.
What You Get
- End-to-End Encryption - Notes and files are encrypted on the client using AES-GCM with a 256-bit key derived via PBKDF2, ensuring the server never sees plaintext content.
- File Attachments - Securely share files alongside notes; they are encrypted client-side and stored encrypted on the server.
- Zero Knowledge Architecture - The server stores only encrypted blobs and metadata; no access to passwords, keys, or content is possible.
- Configurable Security Options - Set a password for additional protection, define TTL (in seconds), and enable self-destruction after the note is read once.
- Minimalistic UI - Clean, intuitive interface designed for quick note creation and sharing with no distractions.
- i18n Support - Available in multiple languages to accommodate global users without requiring additional plugins.
- Authentication (Optional) - Users can optionally sign in with email and password to create persistent notes, though anonymous sharing is also supported.
- Dark Mode - Built-in dark theme optimized for low-light environments and reduced eye strain.
- Responsive Design - Fully functional on desktops, tablets, and mobile devices with touch-friendly controls.
- Self-Hostable - Deploy via Docker or other methods to run your own private instance with full data control.
- CLI Tool - Create and view encrypted notes directly from the terminal using a command-line interface with full feature parity.
- Low Environmental Impact - Rated A+ on WebsiteCarbon.com due to minimal resource usage and efficient codebase.
Common Use Cases
- Building a secure internal knowledge base - Teams sharing temporary credentials, API keys, or sensitive documentation without exposing them to logs, backups, or server admins.
- Sharing one-time passwords or access links - Users send time-limited, password-protected notes to colleagues or clients who need temporary access to systems.
- Privacy-conscious journalists sending sources - Reporters transmit encrypted tips or documents that self-destruct after being read, reducing digital footprints.
- DevOps teams sharing secrets securely - Operations engineers use Enclosed to share temporary secrets (e.g., SSH keys, database credentials) without storing them in version control or chat logs.
- Problem → Solution flow: ‘I need to send a password securely but don’t trust email or messaging apps’ → Enclosed encrypts the password client-side, generates a one-time link that self-destructs after reading, and the server never sees the plaintext.’
- Team workflow: Remote teams using self-hosted Enclosed instances to share internal documentation without relying on third-party services like Pastebin or Bitwarden Send.
Under The Hood
The Enclosed project is a modern, TypeScript-based note-taking application that emphasizes modularity and scalability through a monorepo structure. It combines a secure, client-server architecture with contemporary frontend and backend frameworks to deliver a seamless user experience.
Architecture
This project adopts a modular monorepo design that clearly separates client and server concerns, enabling scalable development and maintenance.
- The architecture follows a clear separation of concerns with distinct modules for authentication, notes, and configuration
- Dependency injection and middleware patterns are used to manage service interactions and enhance decoupling
- The modular structure supports reusability and extensibility across different parts of the application
Tech Stack
Built with modern web technologies, the project leverages TypeScript and cutting-edge frameworks to ensure type safety and performance.
- The frontend is powered by SolidJS, while the backend utilizes Hono.js for lightweight server-side logic
- Key libraries such as @kobalte/core and unocss contribute to a rich UI and utility-first styling approach
- Development and build processes are streamlined using Vite, UnoCSS, and Playwright for testing and deployment
Code Quality
Code quality is maintained through consistent TypeScript usage, linting, and a well-organized monorepo with clear module boundaries.
- Comprehensive testing is implemented using Vitest and Playwright, ensuring both unit and end-to-end coverage
- Error handling follows standard patterns with appropriate propagation and logging mechanisms
- Naming conventions and architectural practices are consistently applied across the codebase, though some duplication exists in configuration
What Makes It Unique
This project distinguishes itself through its thoughtful integration of modern frameworks and a focus on internationalization and reusability from the outset.
- The monorepo approach enables shared components and logic, promoting code reuse across client and server
- A modular architecture supports internationalization and customization without compromising structure
- The blend of UI libraries like @kobalte/core with custom implementations offers flexibility and control over the user experience