One file. Two truths.

Deniable encryption in one API call.

Free. No card. Password optional. 500 API calls/month.

Set a dashboard password (optional)

Use this to sign in to your dashboard for usage, audit log, billing, and account settings.

Your API key will appear on screen immediately. Save it somewhere safe. We can't show it again.

Your API key is still your API credential. We store a hash, never the key itself. A dashboard password only unlocks account controls.

Already have a key? Sign in · API docs · Vault

What you get
🔒

Encrypt + decoy

One ciphertext, multiple plausible plaintexts. No one can prove which is real.

📦

Vault storage

Store encrypted secrets in the cloud. Retrieve with your password. Deny with another.

🚨

Decoy alerts

Register decoy fingerprints and get paged when one is opened.

💻

SDKs in 4 languages

TypeScript, Python, Go, Rust. One import, one function call, done.

What it looks like in practice

# Encrypt a secret
curl deny.sh/api/encrypt \
-H "x-api-key: dk_your_key" \
-d '{"plaintext":"real secret","password":"mypass"}'
{"ciphertext":"a3f8c1..."}

# Layer a decoy on top
curl deny.sh/api/add-decoy \
-d '{"ciphertext":"a3f8c1...","decoy":"nothing here","password":"fakepass"}'
{"ciphertext":"a3f8c1..."} # same blob, two truths
No tracking
No analytics
Independent audit on the roadmap
Apache 2.0
🔓

You're in

Here's your API key. You won't see it again.

⚠ Save this somewhere safe. Right now.

What would you like to do?

🔒
Encrypt something
Use the browser tool. No coding needed.
📖
Read the API docs
Integrate deny.sh into your app.
🔧
Browse all tools
Encrypted vault, browser tools, and more.
📊
Set a password and open dashboard
View usage, audit log, billing, and account settings.
Developer quickstart ▾

Try it now

Your first encrypt
curl -X POST https://deny.sh/api/encrypt \ -H "Content-Type: application/json" \ -H "x-api-key: dk_your_key" \ -d '{"plaintext":"hello world","password":"test123"}'

Or install an SDK

npm install deny-sh // encrypt.js import { DenySh } from 'deny-sh'; const client = new DenySh('dk_your_key'); const { ciphertext } = await client.encrypt('my secret', 'password'); await client.addDecoy(ciphertext, 'decoy text', 'other-password');
pip install deny-sh # encrypt.py from deny_sh import DenySh client = DenySh('dk_your_key') result = client.encrypt('my secret', 'password') client.add_decoy(result.ciphertext, 'decoy text', 'other-password')
go get github.com/deny-sh-crypto/deny-go/v2 // main.go client := denysh.New("dk_your_key") ct, _ := client.Encrypt("my secret", "password") client.AddDecoy(ct, "decoy text", "other-password")
# Cargo.toml [dependencies] deny-sh = "0.1" // main.rs let client = DenySh::new("dk_your_key"); let ct = client.encrypt("my secret", "password")?; client.add_decoy(&ct, "decoy text", "other-password")?;