Tools

Everything Deadrop does in the browser, you can do from a terminal or your own infrastructure. One normative spec, one set of published test vectors, four implementations that all speak it: this site, the CLI, the self-host server, and the crypto library they share.

CLI

Send, receive, request, and claim one-time secrets from any shell. Encryption happens locally; the server only ever sees ciphertext — same guarantee as the website.

npm install -g @deadrop/cli

deadrop send "the secret"                # one-time link, burns on open
deadrop receive "<url>"                  # open and burn
deadrop request "staging DB password"    # ask someone for a secret
deadrop fulfill "<request-url>"          # answer a request
deadrop claim "<claim-url>"              # collect the answer (burns it)

Pipes work the way you'd hope (cat .env | deadrop send), output has --json and --quiet modes for scripting, and passwords prompt without echo. Source on GitHub · npm

Self-host server

Don't want to trust our infrastructure? Don't. The server is a single static Go binary in a ~10 MB image — SQLite storage, no external dependencies, full protocol including the request flow.

docker run -d --name deadrop \
  -p 8080:8080 \
  -v deadrop-data:/data \
  ghcr.io/deadrop-dev/server:latest

deadrop send -s http://localhost:8080 "now it never leaves your network"

The CLI and the web client work against any server that honors the spec — point them at yours with -s or DEADROP_SERVER. Source on GitHub

Crypto library

The exact package this site runs in your browser — AES-256-GCM, PBKDF2 password derivation, and the ECDH request flow, built on the Web Crypto API with zero dependencies. Published test vectors pin every implementation to the same bytes.

npm install @deadrop/crypto

Source on GitHub · npm · The spec it implements