One file. Two truths.

Deniable encryption in one API call.

Free. No card. No password. 500 API calls/month. Your key is your identity.

Your API key will appear on screen immediately. Save it somewhere safe. We can't show it again.

No password by design. Your API key is your only credential. We store a hash, never the key itself. Lose it and we can't recover it. Zero-knowledge from signup to encryption.

Already have a key? API docs · Vault · Dead Man's Switch

What you get

Encrypt + decoy

One ciphertext, multiple plausible plaintexts. No one can prove which is real.

Vault storage

Store encrypted secrets in the cloud. Retrieve with your password. Deny with another.

Dead man's switch

Messages that auto-deliver if you stop checking in. Password-protected.

SDKs in 4 languages

TypeScript, Python, Go, Rust. One import, one function call, done.

What it looks like in practice

# Encrypt a secret
curl deny.sh/api/encrypt \
-H "x-api-key: dk_your_key" \
-d '{"plaintext":"real secret","password":"mypass"}'
{"ciphertext":"a3f8c1..."}

# Layer a decoy on top
curl deny.sh/api/add-decoy \
-d '{"ciphertext":"a3f8c1...","decoy":"nothing here","password":"fakepass"}'
{"ciphertext":"a3f8c1..."} # same blob, two truths

No tracking
No analytics
Independent audit planned
AGPL-3.0

You're in

Here's your API key. You won't see it again.

⚠ Save this somewhere safe. Right now.

What would you like to do?

Encrypt something
Use the browser tool. No coding needed.

Read the API docs
Integrate deny.sh into your app.

Browse all tools
Steganography, secret splitting, vault, and more.

Developer quickstart

Try it now

Your first encrypt
curl -X POST https://deny.sh/api/encrypt \
-H "Content-Type: application/json" \
-H "x-api-key: dk_your_key" \
-d '{"plaintext":"hello world","password":"test123"}'

Or install an SDK

npm install deny-sh

// encrypt.js
import { DenySh } from 'deny-sh';
const client = new DenySh('dk_your_key');
const { ciphertext } = await client.encrypt('my secret', 'password');
await client.addDecoy(ciphertext, 'decoy text', 'other-password');

pip install deny-sh

# encrypt.py
from deny_sh import DenySh
client = DenySh('dk_your_key')
result = client.encrypt('my secret', 'password')
client.add_decoy(result.ciphertext, 'decoy text', 'other-password')

go get github.com/deny-sh-crypto/deny-sh-go

// main.go
client := denysh.New("dk_your_key")
ct, _ := client.Encrypt("my secret", "password")
client.AddDecoy(ct, "decoy text", "other-password")

# Cargo.toml
[dependencies]
deny-sh = "0.1"

// main.rs
let client = DenySh::new("dk_your_key");
let ct = client.encrypt("my secret", "password")?;
client.add_decoy(&ct, "decoy text", "other-password")?;