01
Local encryption first
Secrets are encrypted in the CLI with AES-256-GCM before any network request is made.
Terminal-first secret sharing
Yanki
Yanki encrypts your secret on your machine, uploads only encrypted data, and burns the note on read.
Terminal flow
$ yanki create "secret"
-> share link
$ yanki read "<url>"
-> note destroyed
Install Yanki
curl -fsSL https://useyanki.dev/install | bash
Step 1
Create
yanki create "my secret"
Yanki generates a random key and IV on your machine, then encrypts with AES-256-GCM.
Step 2
Share
https://useyanki.dev/n/<id>#<key>
The API stores only encrypted ciphertext. The decryption key stays in the URL hash fragment.
Step 3
Burn
yanki read "https://useyanki.dev/n/<id>#<key>"
On first read, the API returns the encrypted payload and immediately deletes the note.
Security model
Yanki is built around a zero-knowledge flow: encrypt locally, share safely, and burn on first successful read.
02
No plaintext on the API
The server only stores ciphertext, IV, and auth tag.
03
Client-side key handling
Decryption keys remain in the URL hash fragment and never hit server logs.
04
Atomic burn-on-read
A successful read returns once and immediately deletes the stored note.