Skip to content

ShahriyarR/one-time-secret-share

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

156 Commits
.github
.github
 
 
src/onetime
src/onetime
 
 
tests
tests
 
 
.behaverc
.behaverc
 
 
.flake8
.flake8
 
 
.gitignore
.gitignore
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
Procfile
Procfile
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 
pytype.cfg
pytype.cfg
 
 
requirements.txt
requirements.txt
 
 
runtime.txt
runtime.txt
 
 

Repository files navigation

One Time Secret Share

For development things, we use ngrok and the hostname we choose secret.ngrok.dev That's why in Django settings you may see this hostname, just change these things to your domain.

IMPORTANT: the Flask implementation of this project is experimental. Django implementation is production ready.

One time secret sharing service on top of ReadOnce objects, ensures following features:

  • We do not log secrets and any kind of user activities.

  • We do not save secrets and any kind of user activities to any kind of local and remote storage.

  • Each secret is encrypted with per-secret unique key.

  • The secret can be only read once, there is no second chance.

  • Each secret URL created with random string and encrypted with unique key(try to create same secret data multiple times, you can see that URLs are unique).

  • Secret URLs expire in 2 hours. After 2 hours secret URL will be invalidated.

  • Found an issue? bug? Please open an issue in this repo.

Self-deployment for internal secret share

As there are increasing concerns how to share the secret between employees, it can be a great idea to host this application internally and use it behind some secure network as well.

The web layer is based on Django with security best practices and the secret object itself is secure by design. As the application does not store anything, there is no need for database connection and database migrations, there is no admin panel etc.

The demo application deployed on heroku using following commands:

* flit install --deps=production
* python3 src/onetime/entrypoints/web/manage.py collectstatic
* cd src/onetime/entrypoints/web/; gunicorn --workers=1 app.wsgi`

See Procfile for Heroku steps.

Check the demo link: https://one-time-secret-share.herokuapp.com/

How to install for development?

We use flit for package management.

Activate virtualenv, with your preferred way and install flit:

python3.10 -m venv .venv
source .venv/bin/activate

pip install flit==3.8.0

We use Makefile for automation procedures. Please see the Makefile in the repo for further details.

But to install this project with development dependencies:

make install-dev

With production dependencies:

make install

How to run tests?

make test - for non-slow and non-integration tests

make test-slow - for running slow marked tests

make test-django - for running django tests

make test-behave - for running bdd tests

How to run the server?

For running development server:

make run-dev

For running with gunicorn:

make run

TODO lists

  • Ensure incident reports

About

One time secret sharing service on top of ReadOnce objects

Resources

Readme

License

MIT license
Activity

Stars

20 stars

Watchers

1 watching

Forks

6 forks
Report repository

Releases 1

v0.0.1 Latest
Jun 4, 2023

Packages

 
 
 

Contributors 5

Languages