πŸ” Share end-to-end encrypted secrets with others via a one-time URL

Overview

Sniptt Logo

If you use this repo, star it ✨


πŸ” Share end-to-end encrypted secrets with others via a one-time URL

Use to securely share API Keys, Signing secrets, Passwords, etc. with 3rd parties or with your teams.

Secrets are descructed πŸ’₯ once viewed, or after specified expiry.

render1626708858371

Install

Homebrew

The recommended way to install ots on macOS is via Homebrew.

brew install sniptt-official/ots/ots

NOTE: We need 30 forks, 30 watchers, and 75 stars to make it to Homebrew/core. Please help us get there πŸ‘€ !

Go

go get -u github.com/sniptt-official/ots

Manual

For manual installation instructions on macOS and Linux, please refer to the dedicated install docs.

Usage

Prompt

$ ots new -x 2h
Enter your secret: 

Pipeline

You can also use pipes, for example

$ pbpaste | ots new

or

$ cat .env | ots new

Security

Why should I trust you with my secrets?

All secrets are encrypted end-to-end, which means the plaintext values never leave your device. We do not log, track, share, or store the encryption key that protects your secret. You can check the client code to learn more about how we create the encryption key as well as what data is being sent to our servers.

Is sharing via URL really secure?

Secrets created using the ots new command are what we refer to as "one-time secrets". Once they are retrieved by the recipient, they can no longer be viewed even if someone got hold of the URL. Furthermore, each one-time secret gets automatically deleted after specified duration if not viewed. By default, this is 24 hours but you can change this as required, for example ots new -x 2h.

It goes without saying that URL-accessible one-time secrets should be shared with intended recipients only.

Can I persist my secrets for later use?

Please use the snip-cli instead.

License

See LICENSE

Issues
  • Couple of stylistics changes

    Couple of stylistics changes

    • missing error checks
    • change fields naming to follow go convention
    • use time.Duration for the expires flag instead of string
    • close request body
    enhancement 
    opened by jeremyletang 0
  • Add option to password-protect the encryption key

    Add option to password-protect the encryption key

    An interesting optional feature would be to protect the encryption key using a password. The recipient would have to enter the password on the web page, the decryption still fully client-side.

    It could be done using derivation directly, stretching the password to derive the encryption key. But that would undermine the encryption security, making the cyphertext as weak/strong as the password. Another approach is to derive a KEK from the password, wrapping the fully random encryption key. This way the cyphertext is not impacted, and the security level of the password is kept client-side.

    enhancement good first issue help wanted 
    opened by lomigmegard 0
  • Encryption key should leverage URI Fragment

    Encryption key should leverage URI Fragment

    The fragment part of the URI is not sent over the network to the server. That would ensure the key is never seen by your servers.

    The following statement would then not be needed anymore by design, as the client code is auditable.

    We do not log, track, share, or store the encryption key that protects your secret.

    enhancement good first issue help wanted 
    opened by lomigmegard 0
Releases(v0.0.5)
Owner
Sniptt
Securely share secrets without leaving your terminal
Sniptt
πŸ” Share end-to-end encrypted secrets with others via a one-time URL

If you use this repo, star it ✨ ?? Share end-to-end encrypted secrets with others via a one-time URL Use to securely share API Keys, Signing secrets,

Sniptt 20 Jul 19, 2021
πŸ” Share end-to-end encrypted secrets with others via a one-time URL

If you use this repo, star it ✨ ?? Share end-to-end encrypted secrets with others via a one-time URL Use to securely share API Keys, Signing secrets,

Sniptt 41 Jul 22, 2021
go seof: Simple Encrypted os.File

Encrypted implementation of golang' os.File. It handles WriteAt, Seek, Truncate, etc. Can deal with huge files, random access, etc.

Ed Riccardi 44 May 11, 2021
Split and distribute your private keys securely amongst untrusted network

cocert An experimental tool for splitting and distributing your private keys safely* cocert, generates ECDSA - P521 key and uses a technique known as

Furkan TΓΌrkal 132 Jul 15, 2021
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.3k Jul 23, 2021
DERO Homomorphic Encryption Blockchain Protocol

Homomorphic encryption is a form of encryption allowing one to perform calculations on encrypted data without decrypting it first. The result of the computation is in an encrypted form, when decrypted the output is the same as if the operations had been performed on the unencrypted data.

null 30 Jul 25, 2021
The bare metal Go smart card

Authors Andrea Barisani [email protected] | [email protected] Introduction The GoKey application implements a USB smartcard in pure Go

F-Secure Foundry 106 Jul 13, 2021
Go implementation of the Data At Rest Encryption (DARE) format.

Secure IO Go implementation of the Data At Rest Encryption (DARE) format. Introduction It is a common problem to store data securely - especially on u

Object Storage for the Era of the Hybrid Cloud 264 Jul 20, 2021
Packaging and encrypting/decrypting your files for Golang

?? Paket – A vault to packaging and encrypt/decrypt your files in golang! pkg.go.dev | Table of Contents ?? Informations ??‍?? ??‍?? What does it do ?

null 17 Jun 11, 2021
Easily encrypt data for the Adyen payment platform

adyen Encrypt secrets for the Adyen payment platform. This library uses crypto/rand to generate cryptographically secure AES keys and nonces, and re-u

CrimsonAIO 17 Jul 19, 2021
Pure Go implementation of the NaCL set of API's

go-nacl This is a pure Go implementation of the API's available in NaCL: https://nacl.cr.yp.to. Compared with the implementation in golang.org/x/crypt

Kevin Burke 507 Jun 25, 2021
DERO: Secure, Anonymous Blockchain with Smart Contracts. Subscribe to Dero announcements by sending mail to [email protected] with subject: subscribe announcements

Welcome to the Dero Project DERO News Forum Wiki Explorer Source Twitter Discord Github Stats WebWallet Medium Table of Contents ABOUT DERO PROJECT DE

null 231 Jul 13, 2021
An easy-to-use XChaCha20-encryption wrapper for io.ReadWriteCloser (even lossy UDP) using ECDH key exchange algorithm, ED25519 signatures and Blake3+Poly1305 checksums/message-authentication for Go (golang). Also a multiplexer.

Quick start Prepare keys (on both sides): [ -f ~/.ssh/id_ed25519 ] && [ -f ~/.ssh/id_ed25519.pub ] || ssh-keygen -t ed25519 scp ~/.ssh/id_ed25519.pub

null 18 Jul 19, 2021
Tooling to validate HTTPS Certificates and Connections Around Web πŸ•·οΈ

Cassler - SSL Validator Tool If your read fast, it's sounds like "Cassia Eller" Tooling to validate HTTPS Certificates and Connections Around Web ??️

Matheus Fidelis 47 Jul 6, 2021