Home

Awesome

 

<div align="center"> <img src="https://i.imgur.com/8S9SPyZ.png" width="100px" /> <h1>Paaster.io</h1> <quote> Paaster is a secure and user-friendly pastebin application that prioritizes privacy and simplicity. With end-to-end encryption and paste history, Paaster ensures that your pasted code remains confidential and accessible. </quote>

<a href="https://paaster.io/terms-of-service">Terms of service |</a> <a href="https://paaster.io/privacy-policy"> Privacy policy</a>

</div>

 

Help translate paaster!

Preview

Desktop preview

Features

Security

What is E2EE?

End-to-end encryption (E2EE) is a zero-trust encryption methodology. When you paste code into Paaster, it is encrypted locally in your browser using a secret that is never shared with the server. Only people you share the link with can view the paste.

Can I trust a instance of paaster not hosted by me?

No. Anyone could modify the functionality of Paaster to expose your secret key to the server. We recommend using a instance you host or trust.

How are client secrets stored?

Client secrets are stored with IndexedDB when the paste is created, allowing for paste history. This method of storage makes Paaster vulnerable to malicious JavaScript, but it would require malicious code to be present when the Svelte application is built.

How are client secrets transported?

Paaster uses URI fragments to transport secrets, according to the Mozilla foundation URI fragments aren't meant to be sent to the server. Bitwarden also has a article covering this usage here.

How are server secrets stored?

Server secrets are stored with IndexedDB when the paste is created, allowing for modification or deletion of pastes later on. The server-sided secrets are generated using the Python secrets module and stored in the database using bcrypt hashing.

Cipher

Paaster uses XChaCha20-Poly1305 encryption, which is implemented using the libsodium-wrappers library.

Shortcuts

Requesting features

What we won't add

Have any questions?

Join our Matrix space

Setup

Production with Docker

NOTE: Latest MongoDB requires CPU with AVX support. If you're using virtual CPU (e.g. kvm64) it will not work. To fix that, either downgrade MongoDB to 4.x, or adjust your VM CPU configuration.

Public S3

Self-hosted S3 (using MinIO)

NOTE: the self-hosted version uses a temporary container (paaster-minio-init) to create initial bucket in MinIO container and configure it for public access.

Recommended headers for frontend

Disable automatically via Vercel

Vercel

Paaster's frontend is also configured to work with Vercel, which offers enhanced security through server separation and improved performance.

Using Rclone

Rclone is no longer supported for performance reasons & paaster is now only s3 compatible.

Look at Self-hosted S3 or Storage providers for cheap / free s3 storage.

Object storage providers

Production without docker

This setup is not recommended & requires more research / knowledge.

Storage breakdown

Paaster uses Amazon S3 for storing large files, specifically, encrypted pastes. This allows us to save and share data quickly and easily through a Content Delivery Network (CDN). Some key advantages of using S3 are splitting data into smaller chunks, fast data sharing, and making copies of data for safety. The S3 buckets are expected to be publicly downloadable (they are end-to-end encrypted anyway), but the public directory listing should be disabled.

We use MongoDB for handling metadata information about each encrypted paste. It includes details like when the paste will expire, storage of access codes, initialization vector (IV) storage, and owner's secrets.

Adding translations

Use inlang to contribute to translations