Skip to content
Keep sensitive info out of your email & chat logs.
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin Fix incorrect parameter passing May 17, 2016
etc Updated config and kudos for new fr, cn translations Jun 27, 2018
lib Show secret ttl on metadata UI May 31, 2017
licenses Add Etherpad license in standalone file May 28, 2016
public/web Resolves #65 May 17, 2017
support Initial public release (0.8.1) Jan 30, 2013
templates Added @fr-laurentn to translation credits Jun 29, 2018
.gitignore Ignore .ruby-version Apr 28, 2017
BUILD.yml Updated config for new italian translation [via @Fastbyte01] Nov 24, 2017
LICENSE.txt Update and rename LICENSE to LICENSE.txt Mar 10, 2017 Version bump (0.10.1) Jun 27, 2018
Rudyfile Initial public release (0.8.1) Jan 30, 2013

ONE-TIME SECRET - v0.10.1 (2018-06-27)

Keep sensitive info out of your email & chat logs.

What is a One-Time Secret?

A one-time secret is a link that can be viewed only one time. A single-use URI.

Send a secret today!

Why would I want to use it?

When you send people sensitive info like passwords and private links via email or chat, there are copies of that information stored in many places. If you use a one-time link instead, the information persists for a single viewing which means it can't be read by someone else later. This allows you to send sensitive information in a safe way knowing it's seen by one person only. Think of it like a self-destructing message.


  • Any recent Linux (we use Debian, Ubuntu, and CentOS)
  • Ruby 1.9.1+
  • Redis 2.6+

Install Dependencies

$ sudo apt-get update
$ sudo apt-get install build-essential
$ sudo apt-get install ntp libyaml-dev libevent-dev zlib1g zlib1g-dev openssl libssl-dev libxml2 libreadline-gplv2-dev
$ mkdir ~/sources

$ sudo yum install gcc gcc-c++ make libtool git ntp
$ sudo yum install openssl-devel readline-devel libevent-devel libyaml-devel zlib-devel
$ mkdir ~/sources

Install Ruby 1.9

$ cd ~/sources
$ curl -O
$ tar xjf ruby-1.9.3-p362.tar.bz2
$ cd ruby-1.9.3-p362
$ ./configure && make
$ sudo make install
$ sudo gem install bundler

Install Redis 3.2

$ cd ~/sources
$ curl -O
$ tar zxf redis-3.2.9.tar.gz
$ cd redis-3.2.9
$ make
$ sudo make install

Install One-Time Secret

$ sudo adduser ots
$ sudo mkdir /etc/onetime
$ sudo chown ots /etc/onetime

$ sudo su - ots
$ [download onetimesecret]
$ cd onetimesecret
$ bundle install --frozen --deployment --without=dev
$ bin/ots init
$ sudo mkdir /var/log/onetime /var/run/onetime /var/lib/onetime
$ sudo chown ots /var/log/onetime /var/run/onetime /var/lib/onetime
$ mkdir /etc/onetime
$ cp -R etc/* /etc/onetime/
$ [secure the /etc/onetime and /var/lib/onetime directory to prevent unauthorized access]
$ [edit settings in /etc/onetime/config]
$ [edit settings in /etc/onetime/redis.conf]

$ redis-server /etc/onetime/redis.conf
$ bundle exec thin -e dev -R -p 7143 start

Generating a global secret

We include a global secret in the encryption key so it needs to be long and secure. One approach for generating a secret:

dd if=/dev/urandom bs=20 count=1 | openssl sha1
You can’t perform that action at this time.