Secure Message Vault

About Secure Message Vault

This website allows you to send messages which may contain sensitive information securely.

How Does it Work?

Go to our Submission Page.
Type in a secret which you would like to securely send to someone else.
Optionally provide an E-Mail address which allows us to send you an email after your secret is revealed to whoever you sent it to.
Press "Store Secret".

Once you've submitted your secret, we will take any information you have entered (Secret, Email, etc) and encrypt it with AES-256-CBC, locking it behind a special passphrase which is required for decryption.

Next, after the information is encrypted, we will supply you a one-time-use link which you can send to someone who you want to see your secret message.

When someone uses the link that you gave them, they will arrive at a page with a "Reveal Secret" button. Once this button is clicked, the secret is revealed to the user and is then immediately deleted from our database forever.


How are the passphrases generated? How are they stored?

We generate our passphrases using a service called PasswordWolf.
We NEVER store the passphrase that we generated ANYWHERE. It is only available in the link that is given to you.
If you submit a secret and lose the link to view the secret before giving it to anyone, we CANNOT recover it.

Are secrets ever removed without being revealed?

Yes. Unrevealed secrets may be deleted automatically after 60 days.

What information of mine is stored in the database?

We do not store ANY personally identifying information.
We do not serve ads, or have any scripts running which try to identify any personal information.
Our database has 1 table which has a total of 4 columns.
"uid" - int - Not Encrypted
"secret" - text - Always Encrypted
"email" - text - Always Encrypted
"timestamp" - timestamp - Not Encrypted