I wanted a self-hosted burn-after-read note service where the server literally can't read your notes — not "we promise we don't," but architecturally can't.So I built zahki-ghost. The decryption key lives in the URL fragment (#key=...) and never hits the server. Notes are encrypted with AES-256-GCM in the browser via the Web Crypto API before anything touches the backend. No external database — it uses sql.js. Fully open source, no ads, no tracking.Stack: React + Express + sql.js + Web Crypto APILive demo: On Github, Github ProfileI'd love feedback on the UX and any security suggestions. MIT licensed. via /r/selfhosted https://ift.tt/9tPBAqJ
No comments:
Post a Comment