Skip to content

Secure, one-time paste bin for sharing secrets.


Notifications You must be signed in to change notification settings


Folders and files

Last commit message
Last commit date

Latest commit



43 Commits

Repository files navigation


Secure, one-time paste bin for sharing secrets.

PastePass lets you share secrets with others. The pasted content is encrypted with AES and can only be viewed once. After the paste is viewed, it is deleted from the server.

You can use this service to share passwords, API keys, or any other sensitive information that you don't want to store in your chat history or email.

PastePass is a single-binary, no dependency, fast and lightweight web service written in Go. It uses BoltDB for storing pastes after encrypting them with AES.

Check it out live:

How to use


Easiest way to run PastePass is using Docker. Run the following command to start the service:

docker run -p 8008:8008 -v ./:/data

You can also use the image in a docker-compose file:

version: '3'
      - "8008:8008"
      - ./data/:/data

You can customize the options by passing them as command line arguments to docker-compose:

version: '3'
    command: ["pastepass", "-app-name", "MyPastePass", "-server-addr", ":8080"]
      - "8080:8080"
      - ./data/:/data


Download the binary from the releases page or build it from source.

Download binary

Here is a shortcut to download the binary for your platform:

curl -L  "$(uname | tr '[:upper:]' '[:lower:]')-$(uname -m | sed 's/x86_64/amd64/; s/i[3-6]86/386/; s/aarch64/arm64/; s/armv7l/arm/')" -o pastepass
chmod +x pastepass

Build from source

git clone
cd pastepass
make setup
make build

The binary will be created in the bin/ directory. If you are downloading the binary, make sure to make it executable:

chmod +x pastepass-linux-amd64


Run with default options:


Open http://localhost:8008/ to access the web app.

Use the -h option to find all options:

./pastepass -h


Option Description Default
-app-name The name to display in the nav to ensure you are on the right environment. PastePass
-db-path The path of the database file pastepass.db
-reset-db Delete all pastes before starting the server false
-server-addr The server address to listen to :8008
-h Show help message


This project is inspired by SnapPass by Pinterest. Think of it as an adaptation made for simplicity and ease of use.

It has a modern looking user interface. It is written in Go to make it easy to deploy and run on any platform. The server is a single binary with no dependencies.

See the screenshots for a preview of the web app.


The pastes are encrypted with AES-256-GCM. The encryption key for each paste is generated randomly and only the encrypted text is stored in the database. The key is never stored on the server.

The server does not log any information about the pastes. The only information stored is the encrypted paste and its metadata (e.g. expiration time).

PastePass is only intended to be used as a self-hosted service, not a public paste bin.


The server does not enforce HTTPS for the endpoints, but it is absolutely necessary to use HTTPS for all requests when deploying this service in production.


  • Deployment instructions