Loading...
Discovering amazing open source projects
PasteVault: Zero‑Knowledge, End‑to‑End Encrypted Pastebin with a VS Code‑like Editor
PasteVault lets you share code snippets and notes securely without ever exposing the decryption key to the server. Powered by XChaCha20‑Poly1305 encryption, it offers a familiar VS Code editing experience, optional password protection, and self‑hosted flexibility—perfect for teams that value privacy and control.
OSD
Written by
Open Source Daily
September 17, 2025
6 min read
The hidden cost of “free” paste services
Every developer has been there: you need to drop a quick code snippet into a chat, a ticket, or an email, but the only options are public pastebins that log IPs, retain data indefinitely, or expose the content to third‑party analytics. For security‑focused teams, that trade‑off is unacceptable—especially when dealing with credentials, proprietary algorithms, or compliance‑bound data.
Enter PasteVault, an open‑source, end‑to‑end encrypted pastebin that puts the cryptographic keys back in the client’s hands. With a VS Code‑like editor, markdown rendering, and optional password protection, it feels like a modern, private “Pastebin‑as‑a‑Service” you can run anywhere—from a single Docker container on a Raspberry Pi to a Kubernetes cluster behind your corporate firewall.
Why Choose PasteVault?
- True zero‑knowledge security – Encryption (XChaCha20‑Poly1305) happens entirely in the browser; the decryption key lives only in the URL fragment (
#) and is never transmitted to the server. - Developer‑friendly editing experience – The frontend mimics VS Code with syntax highlighting, line numbers, and markdown preview, making it feel native to anyone who codes daily.
- Flexible storage back‑ends – Choose lightweight SQLite for quick deployments or switch to PostgreSQL for production‑grade durability, all configured via simple environment variables.
- Fine‑grained control over paste lifespan – Set custom expiry times, enable “burn‑after‑read”, or add a PBKDF2‑derived password for an extra layer of protection.
- Self‑hosted, no vendor lock‑in – Deploy with a single
npxcommand or a Docker Compose file and retain full ownership of your data and infrastructure. - Open‑source transparency – Licensed under GPL‑3.0, the code is auditable, extensible, and community‑driven, ensuring you’re never caught off‑guard by hidden telemetry.
Spotlight on Key Features
| Feature | Description |
|---|---|
| End‑to‑End Encryption | Uses XChaCha20‑Poly1305; keys generated client‑side, never stored server‑side. |
| Zero‑Knowledge URL | Decryption key is stored in the URL fragment (#key) – the server only sees the opaque identifier. |
| Password Mode | Optional PBKDF2‑derived password adds a second factor; the password never touches the server. |
| Burn‑After‑Read | Pastes can be configured to self‑destruct after the first successful retrieval. |
| Markdown + Syntax Highlighting | Full markdown support with PrismJS‑based code highlighting for dozens of languages. |
| REST API | Simple, rate‑limited API for programmatic paste creation and retrieval, complete with validation. |
| Pluggable Databases | SQLite out‑of‑the‑box; switch to PostgreSQL by setting DATABASE_URL and DATABASE_PROVIDER. |
| CORS Configurable | CORS_ORIGIN lets you lock the frontend to a specific domain, tightening security further. |
| Docker‑Ready | One‑click docker compose -f docker-compose.all.yml up -d launches both frontend and backend. |
| Minimal Configuration | All required settings are environment variables; sensible defaults keep the first run painless. |
Getting Started
PasteVault can be launched in two primary ways: a single‑command Node.js setup for quick trials, or a Docker Compose stack for production‑grade deployments.
1️⃣ One‑command (Node.js)
# Prerequisites: Node.js 18+ and npm
npx pastevault up
The command pulls the latest release, starts the backend on http://localhost:3001 and the frontend on http://localhost:3000. Open your browser, and you’re ready to create encrypted pastes instantly.
2️⃣ Docker Compose (All‑in‑One)
# Clone the repository
git clone https://github.com/arc53/pastevault.git
cd pastevault
# Launch both services
docker compose -f docker-compose.all.yml up -d
- Frontend:
- Backend API:
Configuration (optional)
Create a .env file in the repository root for custom database settings:
# Example PostgreSQL configuration
DATABASE_URL=postgresql://pastevault:pastevault_dev_password@localhost:5432/pastevault
DATABASE_PROVIDER=postgresql
PORT=3001
CORS_ORIGIN=http://localhost:3000
And a .env.local file for the Next.js frontend:
NEXT_PUBLIC_API_URL=http://localhost:3001/api
3️⃣ Verify the installation
curl -s http://localhost:3001/api/health | jq
You should see a JSON payload indicating the service is healthy.
How PasteVault Stacks Up Against Proprietary Alternatives
| Feature / Service | PasteVault | Pastebin (proprietary) | PrivateBin (open‑source) | GitHub Gist |
|---|---|---|---|---|
| End‑to‑end encryption (client‑side) | ✅ (XChaCha20‑Poly1305) | ❌ (server stores plain text) | ✅ (AES‑256, but key in URL fragment) | ❌ (GitHub stores plain text) |
| Zero‑knowledge server | ✅ | ❌ | ✅ (depends on config) | ❌ |
| Password‑protected pastes | ✅ (PBKDF2) | ✅ (paid tier) | ✅ | ❌ |
| Burn‑after‑read | ✅ | ❌ | ✅ | ❌ |
| Markdown + syntax highlighting | ✅ (VS Code‑like) | ✅ (basic) | ✅ | ✅ |
| Self‑hosted | ✅ (Docker, Node) | ❌ | ✅ | ❌ |
| Database choice (SQLite/PostgreSQL) | ✅ | N/A (SaaS) | ✅ (SQLite) | N/A |
| Rate limiting / abuse protection | ✅ | ✅ (paid) | ✅ (configurable) | ✅ (GitHub limits) |
| Open‑source license | GPL‑3.0 | Proprietary | GPL‑3.0 | Proprietary (GitHub) |
| Free forever | ✅ | ✅ (basic) | ✅ | ✅ (public gists) |
Bottom line: PasteVault delivers the strongest privacy guarantees among the listed options while adding a modern editing UI and flexible deployment models—something most proprietary services simply cannot match without a paid plan.
Call to Action
Ready to take control of your code snippets and notes? Deploy PasteVault today and experience the peace of mind that comes with true zero‑knowledge encryption.
- Try the live demo: https://pastevault.dev/
- Read the docs: Getting Started Guide
- Star the repository: GitHub Repository
- Join the community: Open an issue or submit a PR to help shape the future of secure paste sharing.
Secure your snippets, protect your secrets, and stay in the driver’s seat—without paying a cent for a proprietary lock‑in. PasteVault is free, auditable, and yours to run wherever you need it. Happy pasting!
OSD
Open Source Daily
Curating the best open source projects every day. Follow us for daily discoveries of amazing tools and libraries.
Related Posts
Subscribe to our Newsletter
Get all the latest posts delivered straight to your inbox.
We respect your privacy. Unsubscribe at any time.