vanish.link

Self-destructing links for agents and humans.

๐Ÿ”’ End-to-end encrypted โ€” server never sees your data

How it works

๐Ÿ”
Encrypt locally
AES-256-GCM in your browser. Key never leaves your device.
๐Ÿ“ก
Store ciphertext
API only sees encrypted gibberish. Zero knowledge.
๐Ÿ”—
Key in URL fragment
Decryption key is in the #hash โ€” never sent to any server.
๐Ÿ”ฅ
View & burn
Recipient decrypts locally. Link self-destructs.

๐Ÿ›ก๏ธ Split-origin architecture

This static site and the API run on separate origins. The API stores encrypted data but never serves HTML or JavaScript. Even if the API is compromised, it cannot inject code to steal your decryption keys. Audit the source โ†’

CLI & API

# Create an E2E encrypted link
vanish "sk-abc123"

# Consume & decrypt
vanish read "https://vanish.link/abc#key"

# Agent API
curl -X POST api.vanish.link/api/v1/links \
  -d '{"ciphertext":"...","views":1}'