PrivateBin vs MicroBin: Self-Hosted Pastebins Compared

Quick Verdict

PrivateBin is the better choice if privacy is non-negotiable. Its zero-knowledge architecture means the server literally cannot read your pastes — encryption and decryption happen entirely in the browser. MicroBin is the better choice if you want a lightweight, fast pastebin that also handles file uploads and don’t need enforced encryption. Pick PrivateBin for secrets. Pick MicroBin for general-purpose sharing.

Updated March 2026: Verified with latest Docker images and configurations.

Feature Comparison

Feature	PrivateBin	MicroBin
Language	PHP	Rust
Encryption	Zero-knowledge (client-side, always on)	Optional server-side encryption
Encryption library	sjcl (Stanford JavaScript Crypto Library)	Built-in Rust crypto
File uploads	No	Yes
Syntax highlighting	Yes	Yes
Expiration controls	Yes (burn after reading, timed)	Yes (burn after reading, timed, never)
Password protection	Yes (on top of encryption)	Yes
URL shortening	No	Yes (built-in)
Storage backend	Flat files (no database)	SQLite
API	No formal API	REST API
Markdown rendering	Yes	Yes
QR code sharing	No	Yes
License	Zlib	BSD-2-Clause
Docker image size	~50 MB	~15 MB
RAM usage (idle)	~30 MB	~10 MB

Docker Compose: PrivateBin

PrivateBin needs no database. The nginx-fpm-alpine image bundles Nginx and PHP-FPM in a single container. Pastes are stored as encrypted files on disk.

Create a docker-compose.yml:

services:
  privatebin:
    image: privatebin/nginx-fpm-alpine:2.0.3
    container_name: privatebin
    restart: unless-stopped
    ports:
      - "8080:8080"
    volumes:
      # Paste data — encrypted files stored here
      - privatebin-data:/srv/data
      # Optional: custom configuration
      # - ./conf.php:/srv/cfg/conf.php:ro
    read_only: true
    tmpfs:
      - /tmp
      - /run
      - /var/lib/nginx/tmp

volumes:
  privatebin-data:

Start it:

docker compose up -d

Open http://your-server:8080. That’s it. No setup wizard, no accounts, no database migrations. Paste something, share the link. The encryption key is in the URL fragment (after the #), which never reaches the server.

Docker Compose: MicroBin

MicroBin runs as a single Rust binary with SQLite for storage. Configuration is done entirely through environment variables.

Create a docker-compose.yml:

services:
  microbin:
    image: danielszabo99/microbin:2.1.0
    container_name: microbin
    restart: unless-stopped
    ports:
      - "8065:8065"
    volumes:
      # SQLite database and uploaded files
      - microbin-data:/app/microbin_data
    environment:
      # Public-facing URL (change to your domain)
      - MICROBIN_PUBLIC_PATH=http://localhost:8065
      # Enable syntax highlighting
      - MICROBIN_HIGHLIGHTSYNTAX=true
      # Enable file uploads
      - MICROBIN_ENABLE_UPLOAD=true
      # Enable burn-after-reading
      - MICROBIN_ENABLE_BURN_AFTER=true
      # Enable read-count expiry
      - MICROBIN_ENABLE_READONLY=true
      # Enable QR code generation for paste URLs
      - MICROBIN_QR=true
      # Maximum paste size in kilobytes (default 1MB)
      - MICROBIN_MAX_FILE_SIZE_ENCRYPTED_MB=256
      # Enable private pastes (require URL to access)
      - MICROBIN_PRIVATE=true
      # Bind address inside the container
      - MICROBIN_BIND=0.0.0.0
      # Port inside the container
      - MICROBIN_PORT=8065
      # Optional: enable encryption (pastes encrypted at rest)
      # - MICROBIN_ENCRYPTION_CLIENT_SIDE=true
      # Optional: set admin username and password
      # - MICROBIN_ADMIN_USERNAME=admin
      # - MICROBIN_ADMIN_PASSWORD=change-me-to-a-strong-password

volumes:
  microbin-data:

Start it:

docker compose up -d

Open http://your-server:8065. You can immediately create pastes, upload files, and generate QR codes for sharing.

Installation Complexity

PrivateBin wins here by a slim margin. Zero configuration is required — drop the container, expose the port, done. No database, no environment variables needed for a working setup. The read_only filesystem and tmpfs mounts are optional hardening, but the defaults work out of the box.

MicroBin is nearly as simple, but you will likely want to set several environment variables to match your use case. The defaults are sensible, but features like file uploads, syntax highlighting, and QR codes are toggled via env vars. Neither app requires a setup wizard or initial account creation.

Both are single-container deploys with no external dependencies. For self-hosted pastebins, it does not get easier than this.

Performance and Resource Usage

Metric	PrivateBin	MicroBin
Idle RAM	~30 MB	~10 MB
Under load	~60 MB	~20 MB
CPU (idle)	Negligible	Negligible
Disk (application)	~50 MB	~15 MB
Startup time	~2 seconds	<1 second
Storage backend	Flat files	SQLite

MicroBin is lighter across the board. Rust’s compiled binary and minimal runtime mean lower memory and faster startup. PrivateBin’s PHP-FPM + Nginx stack is heavier but still modest by any standard. Neither app will stress even a Raspberry Pi.

For high-volume usage (thousands of pastes per day), MicroBin’s SQLite backend may handle lookups more efficiently than PrivateBin’s flat-file storage, but at typical self-hosted volumes this difference is irrelevant.

Security Model

This is where the two apps fundamentally diverge.

PrivateBin uses zero-knowledge encryption. Every paste is encrypted in your browser using sjcl before it leaves your machine. The encryption key is placed in the URL fragment (#), which browsers do not send to the server. The server stores ciphertext it cannot decrypt. Even if someone compromises the server or seizes the disk, they get nothing readable. This is not optional — it is always on.

MicroBin supports optional client-side encryption (via MICROBIN_ENCRYPTION_CLIENT_SIDE=true), but it is off by default. Without it, pastes are stored in plaintext in SQLite. The server can read everything. With encryption enabled, MicroBin offers a similar model to PrivateBin, but the fact that it is opt-in rather than enforced is a meaningful difference for threat models where server compromise is a concern.

If you are sharing API keys, credentials, medical records, or anything sensitive: PrivateBin. If you are sharing code snippets and log files internally: MicroBin’s defaults are fine.

Use Cases

Choose PrivateBin If…

• You need guaranteed zero-knowledge encryption with no configuration
• You share sensitive information (credentials, keys, private notes)
• You want the server operator to have zero access to paste contents
• You prefer a no-database setup with flat-file storage
• You are running a public-facing paste service and want privacy by default

Choose MicroBin If…

• You need file upload support alongside text pastes
• You want a built-in URL shortener and QR code generation
• You prefer a REST API for automation and scripting
• You want the lightest possible resource footprint
• You are running an internal team pastebin where enforced encryption is not critical
• You want a single binary with no PHP/Nginx stack

Final Verdict

PrivateBin is the right default for most self-hosters. The zero-knowledge encryption model is the entire point of running your own pastebin. If you wanted pastes stored in plaintext, you could use any SaaS. PrivateBin’s always-on encryption removes the possibility of misconfiguration — you cannot accidentally share an unencrypted paste. The flat-file storage means zero database maintenance. Setup takes 30 seconds.

MicroBin earns its place if file uploads are a core requirement or if you want API-driven automation. It is also the better pick for teams running an internal paste service where encryption is less critical than features like QR sharing and syntax highlighting. The Rust binary’s tiny footprint makes it ideal for resource-constrained environments.

For a public-facing or security-sensitive paste service: PrivateBin, no contest. For an internal team tool with file sharing: MicroBin.

Related

• How to Self-Host PrivateBin
• How to Self-Host MicroBin
• Best Self-Hosted Pastebin & Snippet Tools
• Docker Compose Basics
• Reverse Proxy Setup
• Security Basics for Self-Hosting