GhostVault - Secure Secret SharingGhostVault - Secure Secret Sharing
GhostVault is a lightweight, self-hosted script designed for sharing sensitive data over the internet securely Recently UpdatedGhostVault - Secure Secret Sharing
GhostVault is a lightweight, self-hosted script designed for sharing sensitive data over the inte...
Overview
GhostVault is a lightweight, self-hosted script designed for sharing sensitive data over the internet securely.
If you frequently need to send passwords, access keys, or any other confidential information online but don't trust third-party service providers, this script was built specifically for you.
While transmitting data over the web always carries inherent risks, GhostVault implements multiple layers of protection to minimize them:
- Client-Side Encryption: Secrets are never sent over the internet in plain text. They are encrypted directly in your web browser. The decryption key is stored solely in the unique URL fragment (after the # symbol), which is never sent to the server.
- Military-Grade Security: To ensure maximum safety and absolute privacy, encryption is performed on the client side using the highly secure, authenticated AES-256-GCM symmetric algorithm via the native Web Crypto API.
- Self-Destructing Secrets: By default, secrets have a limited lifetime and a view-count threshold, both of which can be customized by the user during creation.
- Server-Side Password Protection: An additional layer of security is provided via an optional server-side password, which is stored securely in your database using modern hashing.
- Paranoid Access Key: For maximum security, the "Paranoid Access Key" feature allows you to generate an extra decryption key. You can send this key via a separate, out-of-band communication channel, rendering intercepting the main link completely useless.
- Fully Self-Contained: All script dependencies are included in the package. It requires no external CDN connections or third-party resources, meaning it can run flawlessly in isolated offline networks (air-gapped environments).
- Code Integrity: For added security, the script features built-in minification and obfuscation algorithms for frontend JS code to prevent tampering.
- Anti-Brute Force Protection: To block automated guessing attacks, GhostVault features a built-in rate-limiting mechanism based on IP addresses. This makes brute-forcing secret codes virtually impossible.
GhostVault comes with a powerful, intuitive admin panel that allows you to manage the platform in real time:
- Real-time Analytics: Monitor usage statistics and track potentially malicious activities.
- Full Branding Control: Easily change the site name, UI text labels, and integrate ads.
- Custom Color Themes: Switch between beautiful pre-built color schemes or easily create your own by simply adding a set of colors to a local JSON file.
- Flexible Database Support: Use an out-of-the-box SQLite database (auto-created in your site directory) or connect to a MySQL/MariaDB database (recommended for production).
Live Demo
Demo Link: https://ghost-vault.rf.gd/
Admin Panel: https://ghost-vault.rf.gd/admin
Credentials (User/Pass): admin / admin
Features
·        True Zero-Knowledge Architecture: Secrets are encrypted directly in the user's browser. Decryption keys are stored only in the URL fragment (after the # hash) and are never sent to or stored on the server.
·        Military-Grade Encryption (AES-GCM): Uses the highly secure, authenticated AES-256-GCM symmetric algorithm via the native browser Web Crypto API for ultimate cryptographic protection.
·        Self-Destructing & Expirable Links: Configure secrets to automatically delete after a specific time limit (expiration) or after being viewed a set number of times.
·        Paranoid Access Key: An advanced security feature that generates an extra decryption key. You can send it via a separate communication channel, making interception of the main link useless.
·        Server-Side Password Protection: Adds an extra, optional security layer with a server-side password stored securely in the database.
·        100% Self-Contained & Offline Ready: No external CDN dependencies or third-party API calls. The script can run flawlessly in isolated, air-gapped, or private corporate networks.
·        Anti-Brute Force (Rate Limiting): Built-in IP-based rate limiting blocks automated script guessing attacks, rendering link-brute-forcing virtually impossible.
·        Code Obfuscation: Internal minification and obfuscation algorithms protect frontend JS code from tampering and reverse engineering.
·        Dual Database Support: Out-of-the-box support for quick SQLite (auto-created) or robust MySQL/MariaDB for high-traffic production environments.
·        Powerful Admin Dashboard: Manage the platform in real time, view usage statistics, track suspicious activities, inject ads, and customize UI text labels.
·        Fully Customizable Themes: Easily change the look of your site. Toggle between pre-built color schemes or define your own palette using a simple JSON file.
Requirements
1.     Web Server: Apache (with mod_rewrite enabled via .htaccess) or Nginx.
2.     PHP Version: PHP 8.0 up to PHP 8.3 (recommended).
3.     Required PHP Extensions:
·        PDO & pdo_sqlite (if using SQLite).
·        PDO & pdo_mysql (if using MySQL/MariaDB).
·        json (for theme configuration and configuration reading).
·        session (for admin panel authentication).
4.     Database:
·        SQLite (No setup required, database file is auto-created in the directory).
·        OR MySQL / MariaDB 5.7+ (Recommended for high traffic).
Instructions
GhostVault can be deployed on a standard web hosting, virtual private server (VPS), or using Docker. Choose your preferred method below.
Option A: Standard Web Hosting / VPS (Manual Setup)
- Upload Files: Upload all the files from the /Source folder to your web server’s root directory (e.g., public_html or /var/www/html).
- Set Permissions: Ensure the server has write permissions (typically 0755 or 0777 depending on your server setup) for:
- The directory where the database file will be created (if you are using SQLite).
- The configuration directory.
- Configure the Script:
- Open /system/config.php in a text editor.
- To use SQLite (default): No changes are needed. The script will automatically create a secure database file in your directory.
- To use MySQL: Set 'DB_TYPE' => 'mysql' and enter your database credentials (host, database name, user, password).
- Access the Site: Open your domain in a web browser. The system will automatically run any necessary migrations on the first run.
- Admin Panel Access:
- Go to [yourdomain.com/admin](https://yourdomain.com/admin)
- Log in with default credentials: User: admin / Password: admin
- Change these credentials immediately in the admin settings!
Option B: Docker Deployment (Recommended)
GhostVault is fully containerized and comes with ready-to-use Docker configurations.
- Upload Files: Copy the source files (including Dockerfile and docker-compose.yml) to your server.
- Environment Setup: (Optional) Adjust environment variables inside docker-compose.yml if you wish to pre-configure port mapping or database types.
- Run Container: Open your terminal in the script directory and run:
- Access and Verify: The container will start Apache with the correct PHP version and system dependencies. Access the app through the port mapped in your Docker Compose file (default is port 80 or 8080).
Important Security Note:
- HTTPS (SSL) is strictly required: Because GhostVault uses the browser's native Web Crypto API for AES-GCM client-side encryption, ###b/b###. Browsers disable security-sensitive APIs on non-secure (HTTP) connections (except for localhost). Ensure you have a valid SSL certificate (e.g., Let's Encrypt) installed on your domain.
Future product updates
Quality checked by Codester
Lowest price guarantee
|
PHP Script Installation Service
Don't worry about the installation of your script! Have your PHP Script installed for you.
|
$39 | Buy now |
| Category | Scripts & Code / PHP Scripts / Miscellaneous |
| First release | 15 July 2026 |
| Last update | 15 July 2026 |
| Software version | PHP 8.2, PHP 8.3, PHP 8.4 |
| Files included | .php, .css, Javascript .js |
| Tags | privacy, self-hosted, secure notes, zero-knowledge, password sharing, one-time secret, aes-gcm, client-side encryption, self-destructing, credential manager |








