"Our engineering team was sharing API keys and database credentials over Slack. Plaintext. Pinned in channels. Our security lead kept flagging it, but the alternative was asking everyone to install a password manager and create accounts — and nobody was going to do that. We needed something where the answer to 'just send me the password' wasn't a security incident waiting to happen."
Credentials shared over Slack and email live forever in plaintext — a single workspace breach exposes every secret ever shared through it
Every competitor required accounts on both ends, or used server-side encryption where the provider holds the keys — meaning you're trusting someone else with your secrets
No existing tool offered configurable destruction rules, file support, embeddability, or the ability to self-host and audit the code
Burnwire identified the core flaw in every competitor: the server can read what it stores. We built TrustDrop around a single architectural decision — encryption happens entirely in the browser, and the decryption key exists only in the URL fragment, which is never sent to the server. TrustDrop's own infrastructure is cryptographically blind to the secrets it holds.
Client-side AES-256-GCM encryption. The key is derived from the password and embedded in the URL fragment. The server receives and stores only ciphertext, so even under subpoena there is nothing readable to hand over.
Configurable burn rules: view limits (1–50 views), time expiry (1 hour–30 days), and a wrong-password kill switch that responds to brute-force attempts by destroying the secret instantly rather than locking it.
Published the full codebase under AGPL-3.0. Built a Trust Center with 9 custom security infographics. The security claim isn't marketing copy — it's verifiable in the source code.
Created an embeddable widget — one script tag lets any website offer encrypted sharing. Internal tools, client portals, onboarding flows. No crypto engineering required.
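The browser-side flow described above (AES-256-GCM in the client, key carried only in the URL fragment), shown with the Web Crypto API as an added example; it is not TrustDrop's source code. It assumes a random 256-bit key rather than a password-derived one, and `drop.example`, `SECRET_ID`, `sealSecret`, `openSecret` and `requestTarget` are hypothetical names.

```javascript
// Added example, not TrustDrop's code. Web Crypto is built into browsers;
// the fallback lets the same file run under older Node releases.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// base64url helpers so key and ciphertext are safe to place in a URL or JSON body
const b64u = (bytes) => btoa(String.fromCharCode(...bytes))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const unb64u = (s) => Uint8Array.from(
  atob(s.replace(/-/g, '+').replace(/_/g, '/')), (c) => c.charCodeAt(0));

// Sender side: encrypt locally, return the upload body and the share link.
async function sealSecret(plaintext, baseUrl) {
  const key = await webcrypto.subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce
  const ct = new Uint8Array(await webcrypto.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext)));
  const rawKey = new Uint8Array(await webcrypto.subtle.exportKey('raw', key));
  const upload = { iv: b64u(iv), ciphertext: b64u(ct) }; // all the server stores
  const id = 'SECRET_ID'; // placeholder for the id a server would assign
  return { upload, shareUrl: `${baseUrl}/s/${id}#${b64u(rawKey)}` };
}

// What a browser puts on the HTTP request line: path and query, never the fragment.
function requestTarget(shareUrl) {
  const u = new URL(shareUrl);
  return u.pathname + u.search;
}

// Recipient side: read the key from the fragment, decrypt the stored blob.
// AES-GCM is authenticated, so a modified ciphertext rejects instead of decrypting.
async function openSecret(shareUrl, stored) {
  const rawKey = unb64u(new URL(shareUrl).hash.slice(1));
  const key = await webcrypto.subtle.importKey(
    'raw', rawKey, { name: 'AES-GCM' }, false, ['decrypt']);
  const pt = await webcrypto.subtle.decrypt(
    { name: 'AES-GCM', iv: unb64u(stored.iv) }, key, unb64u(stored.ciphertext));
  return new TextDecoder().decode(pt);
}
```

The fragment stays out of HTTP requests, but any script running on the decrypting page can read it and the full link is kept in browser history, so the blindness claim depends on the integrity of the JavaScript that page serves.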
Eliminates plaintext credential sharing over Slack, email, and text — secrets exist only as long as they need to
Configurable destruction: view count, time expiry, or wrong-password kill switch that instantly destroys on brute-force
Open-source and self-hostable — security teams can audit the code and deploy under their own infrastructure
Embeddable widget lets any product offer encrypted sharing without building crypto infrastructure