Yopass Documentation

Yopass encrypts secrets in the browser using OpenPGP before anything leaves the user's machine. The server stores only ciphertext and never sees plaintext. Secrets self-destruct after retrieval or when their configured expiration passes.

Quick Start — up and running in 5 minutes →

---

Guides

🚀

Quick Start

Docker Compose setup in five minutes. Redis or Memcached, your choice.

🔒

TLS / HTTPS

Built-in TLS or reverse proxy setup with Nginx, Caddy, and Traefik.

🗄️

File Storage

Disk and S3/MinIO backends, upload size limits, lifecycle rules.

🔁

Read-Only Mode

Split-instance deployment separating secret creation from retrieval.

🎨

Theming & Branding

Custom logo, colors, and app name. License required.

🪪

OpenID Connect

OIDC setup, multi-instance session sharing, domain restrictions. License required.

📋

Audit Logging

NDJSON compliance logging for SOC 2, ISO 27001, and GDPR. License required.

📊

Metrics

Prometheus scrape config, HTTP metrics, alerting rules, Grafana queries.

⚙️

Server Options

Complete reference for all yopass-server flags, environment variables, and config file options.

---

Premium features

The following features require a valid --license-key. See pricing for details.

Feature	Docs
OpenID Connect authentication	openid-connect
Custom theming & branding	theming
Audit logging	audit-logging
Increased file size limit (>1 MB)	file-storage

Resources

• GitHub Repository — source code, issues, releases
• Live Demo — try Yopass without installing anything
• Pricing — business license with premium features