{"id":15149902,"url":"https://github.com/corentinth/enclosed","last_synced_at":"2025-05-14T03:11:29.093Z","repository":{"id":254580214,"uuid":"846300007","full_name":"CorentinTh/enclosed","owner":"CorentinTh","description":"Minimalistic web app designed for sending private and secure notes.","archived":false,"fork":false,"pushed_at":"2025-05-05T23:31:21.000Z","size":1863,"stargazers_count":1366,"open_issues_count":36,"forks_count":104,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-05-06T00:32:52.567Z","etag":null,"topics":["end-to-end-encryption","minimalist","note","pastebin","secure","self-hosted","share"],"latest_commit_sha":null,"homepage":"https://enclosed.cc","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CorentinTh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["CorentinTh"],"buy_me_a_coffee":"cthmsst"}},"created_at":"2024-08-22T23:26:01.000Z","updated_at":"2025-05-05T09:36:59.000Z","dependencies_parsed_at":"2024-08-24T14:28:06.334Z","dependency_job_id":"e5a9d575-88fa-4ce8-bf03-9aba64c31a7d","html_url":"https://github.com/CorentinTh/enclosed","commit_stats":{"total_commits":377,"total_committers":20,"mean_commits":18.85,"dds":"0.46684350132625996","last_synced_commit":"1fe019001549e927a21d65420c061eba65f00c86"},"previous_names":["corentinth/enclosed"],"tags_count":37,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CorentinTh%2Fenclosed","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CorentinTh%2Fenclosed/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CorentinTh%2Fenclosed/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CorentinTh%2Fenclosed/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CorentinTh","download_url":"https://codeload.github.com/CorentinTh/enclosed/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254059520,"owners_count":22007771,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["end-to-end-encryption","minimalist","note","pastebin","secure","self-hosted","share"],"created_at":"2024-09-26T14:01:30.652Z","updated_at":"2025-05-14T03:11:24.075Z","avatar_url":"https://github.com/CorentinTh.png","language":"TypeScript","readme":"\u003cp align=\"center\"\u003e\n\u003cpicture\u003e\n    \u003csource srcset=\"./.github/icon-dark.png\" media=\"(prefers-color-scheme: light)\"\u003e\n    \u003csource srcset=\"./.github/icon-light.png\" media=\"(prefers-color-scheme: dark)\"\u003e\n    \u003cimg src=\"./.github/icon-dark.png\" alt=\"Header banner\"\u003e\n\u003c/picture\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003e\n  Enclosed - Send private and secure notes\n\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n  Minimalistic web application designed for sending end-to-end encrypted notes and files.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://enclosed.cc\"\u003eDemo\u003c/a\u003e\n  \u003cspan\u003e\u0026nbsp;\u0026nbsp;•\u0026nbsp;\u0026nbsp;\u003c/span\u003e\n  \u003ca href=\"https://docs.enclosed.cc\"\u003eDocs\u003c/a\u003e\n  \u003cspan\u003e\u0026nbsp;\u0026nbsp;•\u0026nbsp;\u0026nbsp;\u003c/span\u003e\n  \u003ca href=\"https://www.npmjs.com/package/@enclosed/cli\"\u003eCLI\u003c/a\u003e\n  \u003cspan\u003e\u0026nbsp;\u0026nbsp;•\u0026nbsp;\u0026nbsp;\u003c/span\u003e\n  \u003ca href=\"https://docs.enclosed.cc/self-hosting/docker\"\u003eSelf-hosting\u003c/a\u003e\n\u003c/p\u003e\n\n## Introduction\n\n**Enclosed** is a minimalistic web application designed for sending private and secure notes.\n\nAll notes are end-to-end encrypted, ensuring that the server and storage have zero knowledge of the content. Users can set a password, define an expiration period (TTL), and choose to have the note self-destruct after being read.\n\nA live instance is available at [enclosed.cc](https://enclosed.cc).\n\n[![Enclosed](./.github/enclosed-mockup.png)](https://enclosed.cc)\n\n## Features\n\n- **End-to-End Encryption**: Your notes are encrypted on the client side, using AES-GCM with a 256-bit key derived using PBKDF2.\n- **File Attachments**: Share files securely with your notes.\n- **Zero Knowledge**: The server does not have access to the content of the notes or files.\n- **Configurable Security Options**: Set a password, expiration time, and choose self-destruction after the note is read.\n- **Minimalistic UI**: Simple and intuitive user interface for quick note sharing.\n- **i18n Support**: Available in multiple languages.\n- **Authentication**: Optional email/password authentication to create notes.\n- **Dark Mode**: A dark theme for late-night note sharing.\n- **Responsive Design**: Works on all devices, from desktops to mobile phones.\n- **Open Source**: The source code is available under the Apache 2.0 License.\n- **Self-Hostable**: Run your instance of Enclosed for private note sharing.\n- **CLI**: A command-line interface for creating notes from the terminal.\n- **Very low environmental impact**: the app and the docs is rated A+ on websitecarbon.com (see [here](https://www.websitecarbon.com/website/enclosed-cc/) and [here](https://www.websitecarbon.com/website/docs-enclosed-cc/)).\n\n## Self host\n\n### Try it with Docker\n\nYou can quickly run the application using Docker.\n\n```bash\ndocker run -d --name enclosed --restart unless-stopped -p 8787:8787 corentinth/enclosed\n```\n\n### To go further\n\nPlease refer to the [self-hosting documentation](https://docs.enclosed.cc/self-hosting/docker) for more information on how to configure and run the application.\nFor example:\n\n- [Setup persistent storage](https://docs.enclosed.cc/self-hosting/docker#docker-with-volume-persistence)\n- [Use rootless image](https://docs.enclosed.cc/self-hosting/docker#rootless-and-non-rootless-docker-images)\n- [Use Docker Compose](https://docs.enclosed.cc/self-hosting/docker-compose)\n\n### Configuration\n\nYou can refer to the [configuration documentation](https://docs.enclosed.cc/self-hosting/configuration) for more information on how to configure the application.\n\n## How It Works\n\n1. **Note Creation**: A user creates a note with some content and optionally sets a password.\n2. **Key Generation**: A **base key** is generated on the client side to ensure encryption, even if no password is set.\n3. **Master Key Derivation**: A **master key** is derived from the base key and the optional password using **PBKDF2 with SHA-256**.\n4. **Note Encryption**: The note is encrypted using the master key with **AES-GCM** encryption.\n5. **Sending to Server**: The encrypted note is sent to the server along with some metadata (ttl, is the note password-protected, should it self-destruct after reading).\n6. **Storage and ID Assignment**: The server stores the encrypted note and provides an **ID** for it.\n7. **Link Generation**: A **link** is generated that includes the note ID and the base key (included as a URL hash fragment to maximize security since hashes are not sent to the server).\n8. **Link Sharing**: The link is shared with the intended recipient.\n9. **Note Retrieval**: The recipient opens the link, and the app fetches the encrypted note and metadata from the server using the note ID.\n10. **Key Extraction**: The base key is extracted from the URL hash fragment.\n11. **Password Prompt (If Applicable)**: If the note is password-protected, the recipient is prompted to enter the password.\n12. **Master Key Derivation**: The master key is derived from the base key and the entered password using **PBKDF2 with SHA-256**.\n13. **Note Decryption**: The note is decrypted using the master key with **AES-GCM** and can now be read by the recipient.\n\nThis ensures that the note remains securely encrypted during transmission and storage, with decryption only possible by those with the correct link and (if applicable) password.\n\n## CLI\n\nThe Enclosed CLI allows you to create notes from the terminal. You can install it globally using npm, yarn, or pnpm.\n\n### Installation\n\n```bash\n# with npm\nnpm install -g @enclosed/cli\n\n# with yarn\nyarn global add @enclosed/cli\n\n# with pnpm\npnpm add -g @enclosed/cli\n```\n\n### Create a note\n\n```bash\n# Basic usage\nenclosed create \"Hello, World!\"\n\n# Using stdin\ncat file.txt | enclosed create\n\n# With full options\nenclosed create --deleteAfterReading --password \"password\" --ttl 3600 \"Hello, World!\"\n```\n\n### View a note\n\n```bash\n# The password will be prompted if the note is password-protected\nenclosed view \u003cnote-url\u003e\n\n# Or you can provide the password directly\nenclosed view --password \"password\" \u003cnote-url\u003e\n```\n\n### Configure the enclosed instance to use\n\n```bash\n# By default, the CLI uses the public instance at enclosed.cc\nenclosed config set instance-url https://enclosed.cc\n```\n\n## Project Structure\n\nThis project is organized as a monorepo using `pnpm` workspaces. The structure is as follows:\n\n- **[packages/app-client](./packages/app-client/)**: Frontend application built with SolidJS.\n- **[packages/app-server](./packages/app-server/)**: Backend application using HonoJS.\n- **[packages/deploy-cloudflare](./packages/deploy-cloudflare/)**: Cloudflare Pages build scripts and configuration.\n- **[packages/lib](./packages/lib/)**: Core functionalities of Enclosed.\n- **[packages/cli](./packages/cli/)**: Command-line interface for Enclosed.\n\n## Contributing\n\nContributions are welcome! Please refer to the [`CONTRIBUTING.md`](./CONTRIBUTING.md) file for guidelines on how to get started, report issues, and submit pull requests.\nYou can find easy-to-pick-up tasks with the [`good first issue` label](https://github.com/CorentinTh/enclosed/issues?q=sort%3Aupdated-desc+is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22).\n\n## License\n\nThis project is licensed under the Apache 2.0 License. See the [LICENSE](./LICENSE) file for more information.\n\n## Credits and Acknowledgements\n\nThis project is crafted with ❤️ by [Corentin Thomasset](https://corentin.tech).\nIf you find this project helpful, please consider [supporting my work](https://buymeacoffee.com/cthmsst).\n\nThank you to all the contributors who have helped make Enclosed better!\n\n[![Contributors](https://contrib.rocks/image?repo=CorentinTh/enclosed)](https://github.com/CorentinTh/enclosed/graphs/contributors)\n\n### Stack\n\nEnclosed would not have been possible without the following open-source projects:\n\n- **Frontend**\n  - **[SolidJS](https://www.solidjs.com)**: A declarative JavaScript library for building user interfaces.\n  - **[Shadcn Solid](https://shadcn-solid.com/)**: UI components library for SolidJS based on Shadcn designs.\n  - **[UnoCSS](https://unocss.dev/)**: An instant on-demand atomic CSS engine.\n  - **[Tabler Icons](https://tablericons.com/)**: A set of open-source icons.\n  - And other dependencies listed in the **[client package.json](./packages/app-client/package.json)**\n- **Backend**\n  - **[HonoJS](https://hono.dev/)**: A small, fast, and lightweight web framework for building APIs.\n  - **[Unstorage](https://unstorage.unjs.io/)**: An unified key-value storage API.\n  - **[Zod](https://github.com/colinhacks/zod)**: A TypeScript-first schema declaration and validation library.\n  - And other dependencies listed in the **[server package.json](./packages/app-server/package.json)**\n\n### Hosting\n\nThe [live instance](https://enclosed.cc) of Enclosed is hosted on [Cloudflare Pages](https://pages.cloudflare.com/) using [Cloudflare KV](https://developers.cloudflare.com/kv/) for storage.\n\n### Inspiration\n\n- **[PrivateBin](https://github.com/PrivateBin/PrivateBin)**: A minimalist, open-source online pastebin where the server has zero knowledge of pasted data.\n- **[Bitwarden Send](https://bitwarden.com/products/send/)**: A secure and ephemeral way to share sensitive information.\n- The **[shadcn playground example](https://ui.shadcn.com/examples/playground)** for the ui\n\n## Contact Information\n\nPlease use the issue tracker on GitHub for any questions or feedback.\n","funding_links":["https://github.com/sponsors/CorentinTh","https://buymeacoffee.com/cthmsst"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcorentinth%2Fenclosed","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcorentinth%2Fenclosed","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcorentinth%2Fenclosed/lists"}