html.cloud

Share an HTML file. Keep the key.

Zero-knowledge, end-to-end encrypted HTML file sharing. Your browser encrypts the file with AES-256-GCM before anything is uploaded. The decryption key lives after the # in the share URL — browsers never send that part to the server. We store only ciphertext.

How it works

Drop an HTML file on the homepage
Your browser generates two random keys: a view key (AES-256-GCM) and an edit key
The file is encrypted in-browser and uploaded as ciphertext
You get two links:
- Share link /v/{id}#viewKey — give this to anyone you want to read the file
- Edit link /e/{id}#editKey — keep this private; it lets you replace the file later without changing the share link
Files self-destruct after the chosen expiry (7 days, 30 days, or never)

The server stores:

The encrypted blob
The view key encrypted with the edit key (so the edit page can re-encrypt without exposing the view key)
SHA-256(editKey) for authorization — never the plaintext keys

Security properties

Zero-knowledge uploads — server cannot read any uploaded content
Key-in-fragment — browsers strip the URL fragment before sending HTTP requests; the key never reaches the server
Edit authorization — SHA-256(editKey) stored; raw editKey verified only on update requests
Expiry enforcement — daily cron deletes blobs and DB rows past their expiry date
10 MB upload limit enforced server-side
CSRF protection on all state-mutating routes

Stack

Laravel 12 (PHP 8.5+)
SQLite (swap to MySQL/Postgres via .env for production)
Vite (CSS build pipeline)
Web Crypto API (all crypto is browser-native; no external crypto libraries)

Setup

cp .env.example .env
php artisan key:generate
php artisan migrate
npm install && npm run build
php artisan serve

For production, add a cron entry to run the scheduler:

* * * * * cd /path/to/html.cloud && php artisan schedule:run >> /dev/null 2>&1

Self-hosting

Clone, configure .env (APP_URL, DB_* if using MySQL/Postgres), run behind nginx or Caddy. The encrypted blobs are stored in storage/app/documents/ — back that directory up alongside the database.

License

MIT

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
app		app
bootstrap		bootstrap
config		config
database		database
public		public
resources		resources
routes		routes
storage		storage
tests		tests
.editorconfig		.editorconfig
.env.example		.env.example
.gitattributes		.gitattributes
.gitignore		.gitignore
.npmrc		.npmrc
LICENSE		LICENSE
README.md		README.md
artisan		artisan
composer.json		composer.json
composer.lock		composer.lock
package-lock.json		package-lock.json
package.json		package.json
phpunit.xml		phpunit.xml
vite.config.js		vite.config.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

html.cloud

How it works

Security properties

Stack

Setup

Self-hosting

License

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

html.cloud

How it works

Security properties

Stack

Setup

Self-hosting

License

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages