Vaulted vs Password Pusher
Both let you share self-destructing secrets. The key difference: Vaulted encrypts in your browser before anything reaches the server. Password Pusher encrypts server-side — the server handles your plaintext before encrypting it.
| Feature | Vaulted | Password Pusher |
|---|---|---|
| Client-side encryption | ||
| Zero-knowledge architecture | ||
| Encryption algorithm | AES-256-GCM | AES-256-GCM |
| Key never sent to server | ||
| Self-destructing links | ||
| Configurable view limit | Unlimited or 1–10 views | Configurable |
| Passphrase protection | ||
| Custom expiration | Up to 30 days | Configurable |
| No account required | ||
| CLI tool | npm (zero dependencies) | Python CLI (pip install) |
| Free to use | ||
| Open source | ||
| Self-hostable |
Key Differences
Encryption model: Vaulted encrypts in the browser before anything reaches the server. Password Pusher encrypts server-side — the server handles plaintext briefly before encrypting it. This matters for high-sensitivity secrets.
Self-hosting: Password Pusher is open source and self-hostable, making it ideal for organizations with strict data residency requirements. Vaulted trades self-hosting for a stronger encryption model.
Simplicity: Both require no account. Password Pusher offers more configuration (API, custom domains, branding). Vaulted is intentionally minimal — create a link, share it, done.
Choose Vaulted if
- You need true zero-knowledge encryption — the server never sees plaintext
- You want the simplest possible experience with no account or setup
- Transparent client-side cryptography matters to you (AES-256-GCM, documented)
- You want configurable view limits (1–10 views per secret)
Choose Password Pusher if
- You want to self-host on your own infrastructure
- You want configurable view counts with no upper limit
- You prefer an open-source solution you can audit and modify
- You need API access for automation or CI/CD pipelines