Skip to content

Releases: largerio/secret

v1.0.0 — Initial public release

18 Jun 10:09
@louisbels louisbels
v1.0.0
19bc666
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.0 — Initial public release Latest
Latest

First public release of Secret — a self-hosted, zero-knowledge app for sharing passwords, notes, and files with end-to-end encryption.

Highlights

  • Zero-knowledge by design — content is encrypted in the browser with XChaCha20-Poly1305; the decryption key lives in the URL fragment and never reaches the server, which adds a second AES-256-GCM layer (defense in depth).
  • Notes & files — text, Markdown, passwords, and up to 10 files per note, drag & drop, chunked uploads up to 500 MB, in-browser previews.
  • Ephemeral controls — burn-after-read, expiry (5 min → 30 days), read limits (auto-delete after N views), optional password (Argon2id), delete token.
  • Self-hosting — single Docker container; server key auto-generated on first run. Optional S3-compatible storage (AWS, MinIO, R2). 10 UI languages.
  • Official SDK@largerio/secret-sdk (JS/TS) for any instance.
  • Hardening — strict CSP/HSTS, per-IP rate limiting, PoW write protection, timing-safe comparisons, key zeroing. See SECURITY.md for the full threat model.

Deploy

mkdir secret && cd secret
curl -O https://raw.githubusercontent.com/largerio/secret/main/docker-compose.yml
docker compose up -d

Pin a version instead of latest for reproducible deploys: ghcr.io/largerio/secret:1.0.0 (exact) or :1.0 (latest patch).

Demo: https://secret.larger.io · Docs: self-hosting guide · License: MIT

Assets 2
Loading