← Back to catalog Hemmelig · managed by DINAO

Share your secrets securely

An ephemeral vault for passwords and secrets powered by Hemmelig, installed and maintained by DINAO. End-to-end encryption, hosted in France — the server never sees your data in plaintext.

Hosted in FranceEnd-to-end encryptionSelf-destructing secretsGDPR compliantOfficial publisher image
Overview

What is Hemmelig?

Hemmelig ("secret" in Norwegian) allows you to share sensitive information — passwords, API keys, confidential messages — without them lingering in chat histories, emails, or logs. The secret is encrypted client-side before being sent to the server, and the decryption key is never stored on the server: it is only placed in the URL fragment (#).

Secrets are self-destructing: they disappear after a configurable expiration period or after a maximum number of views. Access can be strengthened with a password, restricted by IP address, include encrypted files, and generate a QR code for mobile sharing.

Technically, Hemmelig relies on Node.js / Fastify, client-side encryption with TweetNaCl, and a lightweight SQLite database (via Prisma). It offers accounts and roles, a rate-limited API, and a CLI for integration into scripts. Deployment is done via a Docker container.

Compatible offers

Host Hemmelig at DINAO

Resource tiers compatible with Hemmelig prerequisites (minimum 1 vCPU / 512 Mo / 2 Go). Hosted in France, fully managed.

Découverte
1 vCPU · 2 Go · 20 Go
9,90 € /month excl. VAT
  • 1 dedicated vCPU
  • 2 Go RAM
  • 20 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Performance
4 vCPU · 8 Go · 80 Go
39,90 € /month excl. VAT
  • 4 dedicated vCPU
  • 8 Go RAM
  • 80 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Dédié
8 vCPU · 16 Go · 160 Go
79,90 € /month excl. VAT
  • 8 dedicated vCPU
  • 16 Go RAM
  • 160 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Under the hood

Technical details

vCPU
1 vCPU
ideal : 2 vCPU
Memory
512 Mo
ideal : 1 Go
Disk
2 Go
ideal : 10 Go
Image : hemmeligapp/hemmelig:v7 Registry : docker.io Services : hemmelig Ports : 3000:3000
FAQ

You might be wondering…

Can the server read my secrets?

No. Encryption happens in your browser and the decryption key is never transmitted to the server: it is placed only in the URL fragment (#).

What happens to a secret after it is read?

It is destroyed as soon as the view limit is reached or the expiration period has elapsed. Nothing remains in the long term.

Can files be shared?

Yes. Authenticated users can attach encrypted files, with local storage or an S3 / Spaces compatible object backend on higher-tier plans.

How to secure a sensitive secret?

With an additional password, IP restriction, short expiration, and a limited number of views. You combine protections as needed.

Can it be used without a web interface?

Yes. A CLI (npx hemmelig) allows creating secrets from the command line, ideal for integrating them into your scripts and pipelines.