Encryption Playground

See how AES-256-GCM end-to-end encryption works, step by step. This is exactly how Vaulted protects your secrets.

Your plaintext

Type or paste the text you want to encrypt.

Add passphrase

This is exactly how Vaulted encrypts your secrets

This playground uses the same @vaulted/crypto library that powers Vaulted's web app, CLI, and GitHub Action. The encryption key never leaves your browser — the server only sees ciphertext.

Why AES-256-GCM?

AES-256-GCM is an authenticated encryption algorithm used by TLS, SSH, and most modern security protocols. The 256-bit key provides 2^256 possible combinations, and GCM mode ensures both confidentiality and integrity — any tampering with the ciphertext is detected.

What is zero-knowledge encryption?

Zero-knowledge means the server never has access to your plaintext or encryption key. The key is generated in your browser, encryption happens locally, and the key is shared only through the URL fragment (#) — which browsers never send to servers.

Try it for real

Encrypt a secret and share it via a self-destructing link. Same encryption you just saw, with view limits and expiration.