 ██   ██████╗ ██████╗ ███╗   ██╗███████╗
  █  ██╔════╝██╔═══██╗████╗  ██║██╔════╝
 ██  ██║     ██║   ██║██╔██╗ ██║█████╗  
  █  ██║     ██║   ██║██║╚██╗██║██╔══╝  
 ███ ╚██████╗╚██████╔╝██║ ╚████║██║     
██▄██ ╚═════╝ ╚═════╝ ╚═╝  ╚═══╝╚═╝

One memorable curl
for the configs you actually care about

1 install path. 0 daemons. Private releases that still decrypt locally.

Stable install URLs, release-aware rollback, and a trust boundary you can explain to a security-conscious teammate in one minute.

$ curl -L https://1conf.space/you/ | sh

click to copy

See the private flow

⚿ Password stays local | ⊹ Encrypted blob delivery | ↺ Release-aware rollback | ∅ No extra client

PROTOCOL-FIRST DELIVERY

Ship configs like releases, not files.

1Conf keeps the install path as simple as copy-paste while giving the backend enough structure for private payloads, release history, and rollback.

script manifest payload artifact release

STABLE INSTALL PATH

One URL users can remember.

The command stays the same while the active release changes behind it. That means fewer “which file was the latest one?” moments and fewer setup instructions to maintain.

$ curl -L https://1conf.space/team/prod-env | sh

PRIVATE WHEN NEEDED

Secrets stay off the server.

Private configs are encrypted before upload, decrypted on the client, and stored as blobs. The service helps deliver them without becoming the place that knows your plaintext.

Local password entry
Encrypted blob storage
HMAC check before decrypt

RECOVERY BUILT IN

Bad release? Roll back fast.

Config changes are safer when recovery is part of the product. Release history and rollback move 1Conf away from save-and-hope config management.

v12 current

v11

v10

CLEAR TRUST BOUNDARY

Private config, both directions in one glance.

Upload encrypts locally. Install decrypts locally. 1Conf brokers release metadata and encrypted blobs without needing your private plaintext at either end.

upload path / install path 1Conf sees metadata + ciphertext, never your private plaintext

upload path

local encrypt before release

+------+      +----------+      +--------+      +---------+
| You  |      | Terminal |      | 1Conf  |      | Release |
+------+      +----------+      +--------+      +---------+
    |               |               |               |
    | curl -L ...   |               |               |
    |-------------->|               |               |
    |               |               |               |
    |               | [local] read [config]         |
    |               | [local] encrypt payload       |
    |               | [local] derive HMAC           |
    |               | create draft  |               |
    |               |-------------->|               |
    |               |               |               |
    |               | ciphertext    |               |
    |               | + metadata    |               |
    |               |-------------->|               |
    |               |               |               |
    |               |               | store version |
    |               |               |-------------->|
    |               |               |               |
    |               |               |               |

// local: choose file, enter passphrase, encrypt, derive HMAC

// remote: store release metadata and encrypted blob only

install path

local decrypt before write

+------+      +----------+      +--------+      +-------+
| You  |      | Terminal |      | 1Conf  |      | Files |
+------+      +----------+      +--------+      +-------+
    |               |               |               |
    | curl -L ...   |               |               |
    |-------------->|               |               |
    |               | GET /team/prod-env            |
    |               |-------------->|               |
    |               | script        |               |
    |               |<--------------|               |
    |               | manifest      |               |
    |               |<--------------|               |
    |               | enc blob      |               |
    |               |<--------------|               |
    | passphrase    |               |               |
    |-------------->|               |               |
    |               | [local] verify HMAC           |
    |               | [local] decrypt payload       |
    |               | write [config]                |
    |               |------------------------------>|
    |               |               |               |

// network: script, manifest, encrypted payload

// local: password entry, HMAC verify, decrypt, write

REAL SETUP MOMENTS

Useful when setup needs to stop being a scavenger hunt.

⌁

New laptop day

Keep the “fresh machine” moment to one command instead of a dozen tabs, paste buffers, and missing dotfiles.

⚙

Shared team config

Hand teammates one install URL for common envs or local tooling setup without teaching a custom release ritual.

⋮

Claude Code handoff

Turn your Claude Code globals into something you can publish, update, and safely roll onto another machine.

READY WHEN YOU ARE

Make the next machine setup feel boring in the best way.

Keep one memorable install command, ship encrypted configs when you need privacy, and recover quickly when a release goes sideways.

One memorable curl for the configs you actually care about