The primary use-case is sharing sensitive data by making the information self-destructed, accessible only once and protected by easy-to-share PIN code. I just needed a simple and better alternative to the most popular way of passing passwords, which is why this project was created. Doing this by email always made me concerned about the usual "security" of sending user and password info in two different emails - which is just a joke.
It runs on safesecret.info for real. Feel free to use it if you are crazy enough to trust me, or just run your own from prepared docker image. And of course, you can build from sources as well.
Create a safesecret link to your message by entering 3 things:
This will give you a link which you can send by email, chat or share by using any other means. As soon as your recipient opens the link they will be asked for the secret PIN and see your secret message. The PIN is (typically) numeric and easy to pass by a voice call or text message. Each link can be opened only once and the number of attempts to enter a wrong PIN is limited to 3 times by default.
Feel free to suggest any other ways to make the process safer.
docker-compose.yml
and secrets-nginx.conf
docker-compose.yml
with:
etc/ssl
and set:
docker-compose up -d
. This will download a prepared image from docker hub and start all components.docker-compose build
will do it, and then docker-compose up -d
.See docker-compose.yml for more details
Safesecret usually deployed via docker-compose and has two containers in:
secrets
container providing both backend (API) and frontend (UI)Application container is fully functional without nginx proxy and can be used in stand-alone mode. You may want such setup in case you run safesecret behind different proxy, i.e. haproxy, AWS ELB/ALB and so on.
Safesecret provides trivial REST to save and load messages.
POST /api/v1/message
, body - {"message":"some top secret info", "exp": 120, "pin": "12345"}
exp
expire in N secondspin
fixed-size pin code
$ http POST https://safesecret.info/api/v1/message pin=12345 message=testtest-12345678 exp:=1000
HTTP/1.1 201 Created
{
"exp": "2016-06-25T13:33:45.11847278-05:00",
"key": "f1acfe04-277f-4016-518d-16c312ab84b5"
}
GET /api/v1/message/:key/:pin
```
$ http GET https://safesecret.info/api/v1/message/6ceab760-3059-4a52-5670-649509b128fc/12345
HTTP/1.1 200 OK
{
"key": "6ceab760-3059-4a52-5670-649509b128fc",
"message": "testtest-12345678"
}
```
GET /api/v1/ping
```
$ http https://safesecret.info/api/v1/ping
HTTP/1.1 200 OK
pong
```
GET /api/v1/params
```
$ http https://safesecret.info/api/v1/params
HTTP/1.1 200 OK
{
"max_exp_sec": 86400,
"max_pin_attempts": 3,
"pin_size": 5
}
```