
CryptPad: End-to-End Encrypted Collaborative Documents

Productivity · 2026-03-04 · 3 min read
Tags: cryptpad, encryption, collaboration, self-hosted, docker, documents, privacy, open-source
By Selfhosted Guides Editorial Team. Self-hosting practitioners covering open source software, home lab infrastructure, and data sovereignty.

Google Docs and Notion are convenient, but your content sits unencrypted on servers you don't control. CryptPad takes a different approach: all documents are encrypted client-side before being sent to the server. Even the server operator cannot read your content. It provides real-time collaboration, multiple document types, and a clean web interface — without compromising on privacy.

What CryptPad Includes

How the Encryption Works

CryptPad uses zero-knowledge encryption:

  1. Documents are encrypted in your browser using keys derived from the document URL
  2. Encrypted data is sent to the server
  3. The server stores and relays ciphertext it cannot read

The encryption key is in the URL fragment (the # part) — which browsers never send to servers. Share a document link = share the decryption key. Keep the link private = keep the document private.
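
The three steps above, as an added example that is not CryptPad's own code: it models a link-carried key with Node's built-in crypto, using HKDF-SHA256 and AES-256-GCM as stand-ins for CryptPad's real key derivation and cipher. The host, link and function names are constructed for illustration.

```javascript
// Added example: a simplified model of link-carried keys, not CryptPad's real scheme.
const nodeCrypto = require("node:crypto");

// What the browser sends for a URL: path and query only, never the fragment.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// Stand-in key derivation (assumption): HKDF-SHA256 over the fragment's secret.
function keyFromLink(link) {
  const secret = new URL(link).hash.slice(1);
  if (!secret) throw new Error("link has no fragment, so it carries no key");
  return Buffer.from(nodeCrypto.hkdfSync("sha256", secret, Buffer.alloc(0), "doc-key", 32));
}

// Step 1: encrypt in the client. AES-256-GCM is a stand-in cipher (assumption).
function encryptForServer(link, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", keyFromLink(link), iv);
  const body = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]); // steps 2-3: all the server stores
}

function decryptFromServer(link, blob) {
  const key = keyFromLink(link);
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString("utf8");
}

// Returns the plaintext, or null when this link cannot open the blob.
function tryRead(link, blob) {
  try { return decryptFromServer(link, blob); } catch { return null; }
}

// Constructed link: host, path and fragment value are made up for this example.
const link = "https://cryptpad.example/pad/#/constructed-secret-4f1c9a";
const stored = encryptForServer(link, "meeting notes");

function demo() {
  return {
    target: requestTarget(link),           // what reaches the server
    holder: tryRead(link, stored),         // full link: decrypts
    server: tryRead("https://cryptpad.example" + requestTarget(link), stored), // no key
    guess: tryRead("https://cryptpad.example/pad/#/wrong", stored), // tag check fails
  };
}
console.log(demo());
```
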

Docker Setup

CryptPad requires a reverse proxy for proper operation:

services:
  cryptpad:
    image: cryptpad/cryptpad:latest
    container_name: cryptpad
    restart: unless-stopped
    environment:
      - CPAD_MAIN_DOMAIN=cryptpad.yourdomain.com
      - CPAD_SANDBOX_DOMAIN=cryptpad-sandbox.yourdomain.com
      - CPAD_TRUSTED_PROXY=172.20.0.0/16
      - CPAD_HTTP_UNSAFE_ORIGIN=false
      - CPAD_ADMIN_KEY=  # Set after first run
    volumes:
      - cryptpad_blob:/cryptpad/blob
      - cryptpad_block:/cryptpad/block
      - cryptpad_customize:/cryptpad/customize
      - cryptpad_data:/cryptpad/data
      - cryptpad_files:/cryptpad/datastore
    ports:
      - 3000:3000

volumes:
  cryptpad_blob:
  cryptpad_block:
  cryptpad_customize:
  cryptpad_data:
  cryptpad_files:

Important: CryptPad requires two domains — one main domain and one sandbox domain. This is a security requirement; the sandbox domain prevents cross-domain attacks. Both must be configured in your reverse proxy.

Nginx Configuration

# Main domain
server {
    listen 443 ssl;
    server_name cryptpad.yourdomain.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        # Required for collaborative real-time
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

# Sandbox domain (required)
server {
    listen 443 ssl;
    server_name cryptpad-sandbox.yourdomain.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
    }
}

First Run Setup

  1. Navigate to https://cryptpad.yourdomain.com
  2. Create the first account — this is your admin account
  3. Copy the account's public key from profile settings
  4. Set the CPAD_ADMIN_KEY environment variable to this key
  5. Restart CryptPad

The admin interface at /admin controls server settings, user limits, and storage quotas.

User Management

CryptPad supports:

Open registration: Anyone can create an account (default).

Invite-only: Disable registration, send invite links to specific people.

SSO: CryptPad v5+ supports SAML/OIDC for single sign-on with identity providers.

Teams

Teams are shared workspaces:

Teams are end-to-end encrypted; the server only stores encrypted team data.

Storage Configuration

Configure per-user quotas:

// cryptpad/config/config.js (or via Docker env)
defaultStorageLimit: 50 * 1024 * 1024,   // 50MB default
maxStorageLimit: 1024 * 1024 * 1024,      // 1GB maximum for premium

The admin panel shows total storage usage per account.

Document Lifecycle

By default, documents are stored until the owner deletes them. CryptPad supports:

Password protection: Add a password to a shared document link — recipients need both the URL and password.

Expiry: Documents can be set to expire after a period.

Owned vs. anonymous: Registered users have "owned" documents they can delete permanently. Anonymous documents (no account) have a deletion token.

Backup

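# Backup all CryptPad data volumes.
# Compose prefixes named volumes with the project name (<project>_cryptpad_blob
# and so on). Check `docker volume ls` and adjust the names below; otherwise
# Docker creates new empty volumes and the archive contains no data.
docker run --rm \
  -v cryptpad_blob:/cryptpad/blob \
  -v cryptpad_block:/cryptpad/block \
  -v cryptpad_data:/cryptpad/data \
  -v cryptpad_files:/cryptpad/datastore \
  -v "$(pwd)/backup:/backup" \
  alpine tar czf "/backup/cryptpad-$(date +%Y%m%d).tar.gz" /cryptpad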

Since data is encrypted at rest, the backup contains only ciphertext: it protects against server loss, but without the encryption keys it is useless for data recovery.

Performance and Scaling

CryptPad runs well on a 2-core VPS with 2GB RAM for a household or small team.

CryptPad vs Alternatives

| | CryptPad | Nextcloud Office | Collabora Online |
|---|---|---|---|
| E2E encryption | Yes | No | No |
| Server sees content | Never | Yes | Yes |
| Collaborative editing | Yes | Yes | Yes |
| Self-hosted | Yes | Yes | Yes |
| Requires reverse proxy | Yes | Integrated | Yes |

The defining distinction: CryptPad is genuinely zero-knowledge. If your threat model requires the server never see document content, CryptPad is the only mature option.

The project is at github.com/cryptpad/cryptpad. For households or teams that want collaborative documents without vendor surveillance, CryptPad is the most thoughtfully designed privacy-preserving option available.
