 ██   ██████╗ ██████╗ ███╗   ██╗███████╗
  █  ██╔════╝██╔═══██╗████╗  ██║██╔════╝
 ██  ██║     ██║   ██║██╔██╗ ██║█████╗  
  █  ██║     ██║   ██║██║╚██╗██║██╔══╝  
 ███ ╚██████╗╚██████╔╝██║ ╚████║██║     
██▄██ ╚═════╝ ╚═════╝ ╚═╝  ╚═══╝╚═╝

curl-first & curl-only
provisioning pipe

1 command. 0 deps, 0 residue, 0 risk.

The world's first config distributor powered by WebAssembly for sandboxed, zero-dependency decryption.

$ curl https://1conf.space/you/ | sh

click to copy

→ Get Started Free ★ GitHub

⚿ E2E encrypted · ▣ WASM sandboxed · ∅ Zero deps

▸ Why WebAssembly?

Traditional curl | sh is powerful but risky. We made it safe with sandboxed WASM decryption.

✕ TRADITIONAL APPROACH

Shell scripts run with full access
Secrets exposed in plain text
Requires Node.js / Python deps
No integrity verification

✓ 1CONF + WASM

WASM sandbox isolates execution
AES-256-CBC encrypted payloads
~217KB module, no deps needed
PBKDF2-SHA256 key derivation

▸ Features

Built for developers who live in the terminal.

░▒▓ $

curl-first

One curl command installs configs. No git clone, no stow, no new tools to learn.

░▒▓ ⚿

E2E Encrypted

AES-256-CBC with PBKDF2 key derivation. Your password never leaves your machine. Server stores only ciphertext.

░▒▓ ▣

WASM Sandbox

Decryption runs inside a WebAssembly sandbox with WASI isolation. Only 217KB. Cross-platform by default.

▸ Security Architecture

Your credentials are too important for trust-me-bro security.

Password never transmitted

Encryption and decryption happen entirely on your device. The server is mathematically unable to read your configs.

Strict payload validation

Header, type, and encrypted payload format are validated before decrypt/write. Malformed data is rejected immediately.

Sandboxed runtime

WASM code runs in a WASI sandbox with restricted syscalls. Encrypted data streams through pipes — never written to disk unencrypted.

Verified integrity

Payload format and decryption errors are strictly checked before writing files. Invalid encrypted data will fail fast.

▸ How It Works

Create your config

Paste your .env, .vimrc, or agent skills in the dashboard. Choose public or private. Set a password for encryption.

Share the URL

Every config gets a unique URL. Public configs deploy directly. Private configs prompt for a password at install time.

One-command install

On any fresh machine, one command gets you set up. The WASM runtime downloads automatically if needed (~180KB).

$ curl https://1conf.dev/you/dotenv | sh
✔ config installed.

217KB

WASM module

AES-256

encryption

100K

PBKDF2 iterations

dependencies

Stop emailing yourself .env files.

Your configs deserve better than Slack DMs and insecure pastebin links.

→ Start for free Read the docs

curl-first & curl-only provisioning pipe