Keep sensitive info out of your email & chat logs.
A one-time secret is a link that can be viewed only one time. A single-use URI.
When you send people sensitive info like passwords and private links via email or chat, there are copies of that information stored in many places. If you use a one-time link instead, the information persists for a single viewing which means it can't be read by someone else later. This allows you to send sensitive information in a safe way knowing it's seen by one person only. Think of it like a self-destructing message.
- Any recent Linux (we use Debian, Ubuntu, and CentOS)
- Ruby 1.9.1+
- Redis 2.6+
# DEBIAN
$ sudo apt-get update
$ sudo apt-get install build-essential
$ sudo apt-get install ntp libyaml-dev libevent-dev zlib1g zlib1g-dev openssl libssl-dev libxml2 libreadline-gplv2-dev
$ mkdir ~/sources
# CENTOS
$ sudo yum install gcc gcc-c++ make libtool git ntp
$ sudo yum install openssl-devel readline-devel libevent-devel libyaml-devel zlib-devel
$ mkdir ~/sources
$ cd ~/sources
$ curl -O ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p362.tar.gz
$ tar zxf ruby-1.9.3-p362.tar.gz
$ cd ruby-1.9.3-p362
$ ./configure && make
$ sudo make install
$ sudo gem install bundler
$ cd ~/sources
$ curl -O http://download.redis.io/releases/redis-2.6.17.tar.gz
$ tar zxf redis-2.6.17.tar.gz
$ cd redis-2.6.17
$ make
$ sudo make install
$ sudo adduser ots
$ sudo mkdir /etc/onetime
$ sudo chown ots /etc/onetime
$ sudo su - ots
$ [download onetimesecret]
$ cd onetimesecret
$ bundle install --frozen --deployment --without=dev
$ bin/ots init
$ sudo mkdir /var/log/onetime /var/run/onetime /var/lib/onetime
$ sudo chown ots /var/log/onetime /var/run/onetime /var/lib/onetime
$ mkdir /etc/onetime
$ cp -R etc/* /etc/onetime/
$ [secure the /etc/onetime and /var/lib/onetime directory to prevent unauthorized access]
$ [edit settings in /etc/onetime/config]
$ [edit settings in /etc/onetime/redis.conf]
$ redis-server /etc/onetime/redis.conf
$ bundle exec thin -e dev -R config.ru -p 7143 start
We include a global secret in the encryption key so it needs to be long and secure. One approach for generating a secret:
dd if=/dev/urandom bs=20 count=1 | openssl sha1
Upgrading to 0.9 should be seemless, however b/c of new functionality you will need to add the following to your config file:
:incoming:
:enabled: true
:email: example@onetimesecret.com
:passphrase: CHANGEME
:regex: \A[a-zA-Z0-9]{6}\z
:locales:
- en
- es
- de
- nl
You run your configuration from /etc/onetime/config you will also need to copy the ./etc/locale directory to /etc/onetime/locale:
$ cd /path/2/onetimesecret
$ sudo cp -r etc/locale /etc/onetime/
This is the version of onetimesecret as of March 6, 2017.