curl-first & curl-only provisioning pipe

1 command. 0 deps, 0 residue, 0 risk.

The world's first config distributor powered by WebAssembly for sandboxed, zero-dependency decryption.

$ curl https://1conf.space/you/ | sh
Copied!
click to copy
⚿ E2E encrypted · ▣ WASM sandboxed · ∅ Zero deps

Why WebAssembly?

Traditional curl | sh is powerful but risky. We made it safe with sandboxed WASM decryption.

✕ TRADITIONAL APPROACH
  • Shell scripts run with full access
  • Secrets exposed in plain text
  • Requires Node.js / Python deps
  • No integrity verification
✓ 1CONF + WASM
  • WASM sandbox isolates execution
  • AES-256-CBC encrypted payloads
  • ~217KB module, no deps needed
  • PBKDF2-SHA256 key derivation

Features

Built for developers who live in the terminal.

░▒▓ $

curl-first

One curl command installs configs. No git clone, no stow, no new tools to learn.

░▒▓ ⚿

E2E Encrypted

AES-256-CBC with PBKDF2 key derivation. Your password never leaves your machine. Server stores only ciphertext.

░▒▓ ▣

WASM Sandbox

Decryption runs inside a WebAssembly sandbox with WASI isolation. Only 217KB. Cross-platform by default.

Security Architecture

Your credentials are too important for trust-me-bro security.

01

Password never transmitted

Encryption and decryption happen entirely on your device. The server is mathematically unable to read your configs.

02

Strict payload validation

Header, type, and encrypted payload format are validated before decrypt/write. Malformed data is rejected immediately.

03

Sandboxed runtime

WASM code runs in a WASI sandbox with restricted syscalls. Encrypted data streams through pipes — never written to disk unencrypted.

04

Verified integrity

Payload format and decryption errors are strictly checked before writing files. Invalid encrypted data will fail fast.

How It Works

01

Create your config

Paste your .env, .vimrc, or agent skills in the dashboard. Choose public or private. Set a password for encryption.

02

Share the URL

Every config gets a unique URL. Public configs deploy directly. Private configs prompt for a password at install time.

03

One-command install

On any fresh machine, one command gets you set up. The WASM runtime downloads automatically if needed (~180KB).

$ curl https://1conf.dev/you/dotenv | sh
✔ config installed.
217KB
WASM module
AES-256
encryption
100K
PBKDF2 iterations
0
dependencies

Stop emailing yourself .env files.

Your configs deserve better than Slack DMs and insecure pastebin links.