A self-hosting app to share secrets only one-time.
MIT License
A self-hosting app to share secrets only one-time.
1MB
).AES
in CBC
mode, with a 256-bit
key.Mongo
Postgres
MySQL
This application is entirely run in Docker and comes with Mongo 4.2
image. (view the docker-compose.yml
for further reference.)
To execute this app, simply run following command.
make start
This application can connect to a external database.
(Currently support Postgres
and Mysql
).
To execute this app, simply run following command.
# Set the connection string to your database.
export DB_URL=mysql://root:[email protected]:3306/ots_share
make start-no-db
OR
Change the modify the DB_URL
variable under ots-share-run-no-db
service in docker-compose.yml
,
and then run
make start-no-db
After that, the application is accessible via http://localhost:8282
A sample request body is as follows.
{
"content": "U2FsdGVkX1+XUedzb2748LeKmf9UpN9hVWjBDUwJfXs=",
"expireIn": {
"value": 10,
"unit": "minutes"
}
}
Property | type | is required | purpose |
---|---|---|---|
content |
string |
yes | Encrypted content |
expireIn |
object |
yes | Expiration configurations |
expireIn .value
|
number |
yes | numerical value of expiration. E,g 1, 2 |
expireIn .unit
|
enum ('days' , 'hours' ) |
yes | Unit of expiration. |
Create
request.curl 'http://localhost:8282/api/record' -H 'Content-Type: application/json' \
--data-raw \
'{
"content" : "U2FsdGVkX1+bozD8VjexiUeHJ3BfdxrXCmRyai8V0hY=",
"expireIn": {
"value": 1,
"unit": "minutes"
}
}'
--compressed
GET
request.curl 'http://localhost:8282/api/record/b2nC422huavXfMs2DWZ2Z9' -H 'Content-Type: application/json'
A sample record body is as follows.
{
"id": "iN2jS3y1pstio7JVXs1zLF",
"slug": "iN2jS3y1pstio7JVXs1zLF",
"content": "U2FsdGVkX1+XUedzb2748LeKmf9UpN9hVWjBDUwJfXs=",
"expiary": "2023-02-12T14:55:41.510Z",
"status": "avaiable",
"created_at": "2023-02-12T14:45:41.521Z"
}
Property | type | is required | purpose |
---|---|---|---|
id |
string |
yes | Primary key of the record |
slug |
string |
yes | For future use (Primary key of the record) |
content |
string |
yes | Encrypted content |
expiary |
string (Date ) |
yes | Expiration date and time |
status |
enum ('avaiable' , 'unavaiable' ) |
yes | For future use. |
created_at |
string (Date ) |
yes | Record created date |
Text
from top menu.Secret content
text box.Create
Button.URL
in the text box. (Click the Copy Icon
).File
from top menu."Drag 'n' drop"
area or drag and drop a file.(Pleas refer to screen regarding the file size limits).
Upload a file.
Click the Create
Button.
Copy the URL
in the text box. (Click the Copy Icon
).
Fetch Content
.You'll see the following screen.
Click the "Click there to view the content"
.
You will see the content as follows.
You'll see the following screen.
Click the "Click here to download the file"
button to download the file.
In case of an error, the following screen will appear.
Support only for texts
.
You can use the CLI
to utilize APIs
.
Encryption using CLI
#!/bin/bash
# Configs
PASSWORD="pass-key"
OTS_SHARE_DOMIN="http://host.docker.internal:8282"
OTS_SHARE_API="$OTS_SHARE_DOMIN/api/record"
OPENSSL_PARAMETERS_PASSWORD="-pass pass:$PASSWORD"
OPENSSL_PARAMETERS_ALGORITHM="-base64 -aes-256-cbc -pbkdf2"
text_to_encrypt="test string to encrypt"
################
## Encryption ##
################
# Record expiration value. A numerical value
RECORD_EXPIRATION_VALUE=10
# Record expiration unit. It can be "minutes" or "hours"
RECORD_EXPIRATION_UNIT="minutes"
# 1. Generate encrypted string
encrypted_content=$(echo $text_to_encrypt | openssl enc -e $OPENSSL_PARAMETERS_ALGORITHM $OPENSSL_PARAMETERS_PASSWORD)
# 2. Make API call OTS-Share and retrieve the Id
# We need this id for encryption
record_id=$(\
curl -s "$OTS_SHARE_API" \
-H 'Content-Type: application/json' \
--data-raw \
'{ "content" : "'$encrypted_content'", "expireIn": { "value": '$RECORD_EXPIRATION_VALUE', "unit": "'$RECORD_EXPIRATION_UNIT'" }}' \
--compressed \
| jq '.id' \
| tr -d '"' \
)
#### Encryption results
echo "!!! Keep these safe !!!"
echo "-----------------------------------"
echo "Record id: $record_id"
echo "Password: $PASSWORD"
echo "-----------------------------------"
echo "(This record will expires in: $RECORD_EXPIRATION_VALUE $RECORD_EXPIRATION_UNIT)"
!!! Keep these safe !!!
-----------------------------------
Record id: b2nC422huavXfMs2DWZ2Z9
Password: pass-key
-----------------------------------
(This record will expires in: 10 minutes)
#!/bin/bash
# Configs
PASSWORD="pass-key"
OTS_SHARE_DOMIN="http://host.docker.internal:8282"
OTS_SHARE_API="$OTS_SHARE_DOMIN/api/record"
OPENSSL_PARAMETERS_PASSWORD="-pass pass:$PASSWORD"
OPENSSL_PARAMETERS_ALGORITHM="-base64 -aes-256-cbc -pbkdf2"
$record_id="b2nC422huavXfMs2DWZ2Z9" # ID from previous encryption operation
################
## DECRYPTION ##
################
# 1. Fetch content
content=$(\
curl "$OTS_SHARE_API/$record_id" \
-s -H 'Content-Type: application/json' \
--compressed \
| jq '.content' \
| tr -d '"' \
)
# 2. Decrypt
decrypted_content=$(echo $content | openssl enc -d $OPENSSL_PARAMETERS_ALGORITHM $OPENSSL_PARAMETERS_PASSWORD)
echo "-----------------------------------"
echo "Content: $decrypted_content"
echo "-----------------------------------"
-----------------------------------
Content: test string to encrypt
-----------------------------------
docker-compose.yml
under or ots-share-run-no-db
service.docker-compose.yml
under ots-share-run
or ots-share-run-no-db
service.mongo-local
service in docker-compose.yml
to keep the data persistent.Please change the DEV_PORT
variable the docker-compose.yml
under ots-share-run
or ots-share-run-no-db
service.
Please change the DEV_PORT
variable the docker-compose.yml
under ots-share-run-no-db
service to connect to external database.
DB_URL
must be a connection string.
DB_URL
as an URL
and use the protocol
to identify the database
driver.mongodb://mongo-local/ots-share
- for Mongo
postgres://db:[email protected]:5432/ots_share
- for Postgres
mysql://root:[email protected]:3306/ots_share
- for MySQL
SERVER_PORT
variable in the in docker-compose.yml
under ots-share-run
or ots-share-run-no-db
service.PURGE_TRIGGER_INTERVAL
variable in the in docker-compose.yml
under ots-share-run
or ots-share-run-no-db
service.PURGE_TRIGGER_INTERVAL
value must be in milliseconds
.UI:
Server:
DB support:
MongoDB
- (default DB
)Postgres
MySQL
Step 1 & 2.
Step 3.
Press Deploy the stack to deploy.
The URL format, which required sending to the other party, is as follows. The id
received from the backend API gets concatenated with the password. After that, the contaminated string gets encoded into Base 58
.
The format is as follows.
<hosted-domain>/r/Base58Encoded(id-from-api : password : type : file-name)
type
is 'text'
or 'file'
.type
and file-name
is optional.type
is default to text
if not mentioned.file-name
is available for file.Base 64
encoding.Contribution
instructions.