A secure, cyberpunk-themed secret sharing service that allows you to share sensitive information through one-time-use links. Once a secret is viewed, it's permanently deleted from the system.
- End-to-end encryption of secrets
- Time-based expiration
- One-time access (secrets are deleted after viewing)
- Cyberpunk-themed UI with dark mode
- Rate limiting and CSRF protection
- Health monitoring
- Automatic cleanup of expired secrets
- Support for SQLite and PostgreSQL databases
- One-click secret copying
- Masked secrets with show/hide functionality
OneTimeShare is built with security as the top priority:

- Data Protection:
  - Secrets are encrypted at rest using AES encryption
  - Secrets are stored in a database with encrypted fields
  - Secrets are automatically deleted after viewing or expiration
  - Support for both SQLite and PostgreSQL with SSL/TLS
  - Secrets are masked by default and require explicit user action to view
- Application Security:
  - CSRF protection against cross-site request forgery
  - Rate limiting to prevent brute force attempts
  - Input validation and size limits (16KB max)
  - Secure headers (HSTS, XSS protection, etc.)
  - Session security with secure cookies
  - Content security policy enforcement
- Infrastructure Security:
  - Non-root container execution
  - Read-only root filesystem
  - Minimal base image
  - Regular security updates
  - Kubernetes security context
  - Database connection pooling and health checks
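
The one-time access and expiration guarantees listed under Data Protection depend on the read and the delete happening as one atomic step, otherwise two simultaneous requests for the same link could both receive the secret. The sketch below is an added example, not OneTimeShare's own code: the table layout and the function names are hypothetical, and it assumes the value was already encrypted before it reaches the store.

```python
import secrets
import sqlite3
import time

MAX_SECRET_BYTES = 16 * 1024  # size limit stated in the README


def open_store(path=":memory:"):
    """Create the (hypothetical) table holding already-encrypted secrets."""
    db = sqlite3.connect(path, isolation_level=None)  # autocommit; BEGIN is issued explicitly
    db.execute(
        "CREATE TABLE IF NOT EXISTS secrets ("
        "token TEXT PRIMARY KEY, ciphertext BLOB NOT NULL, expires_at REAL NOT NULL)"
    )
    return db


def put_secret(db, ciphertext, ttl_seconds, now=None):
    """Store ciphertext and return the unguessable token used in the one-time link."""
    if len(ciphertext) > MAX_SECRET_BYTES:
        raise ValueError("secret exceeds 16KB limit")
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO secrets VALUES (?, ?, ?)", (token, ciphertext, now + ttl_seconds))
    return token


def consume_secret(db, token, now=None):
    """Return the ciphertext exactly once; None if unknown, already viewed or expired."""
    now = time.time() if now is None else now
    db.execute("BEGIN IMMEDIATE")  # take the write lock before reading
    try:
        row = db.execute(
            "SELECT ciphertext, expires_at FROM secrets WHERE token = ?", (token,)
        ).fetchone()
        # Delete whether or not the row is still valid, so expired rows never linger.
        db.execute("DELETE FROM secrets WHERE token = ?", (token,))
        db.execute("COMMIT")
    except Exception:
        db.execute("ROLLBACK")
        raise
    if row is None or row[1] <= now:
        return None
    return row[0]


def purge_expired(db, now=None):
    """Background cleanup: delete expired rows and return how many were removed."""
    now = time.time() if now is None else now
    return db.execute("DELETE FROM secrets WHERE expires_at <= ?", (now,)).rowcount
```
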
- Create a virtual environment and install dependencies:

  ```bash
  python -m venv .venv
  source .venv/bin/activate  # On Windows: .venv\Scripts\activate
  pip install -r requirements.txt
  ```

- Set up environment variables:

  ```bash
  export FLASK_APP=wsgi.py
  export FLASK_DEBUG=1  # development only: enables Flask debug mode
  # Placeholder values: replace both with long random strings before use
  export SECRET_KEY="your-secure-secret-key"
  export ENCRYPTION_KEY="your-secure-encryption-key"
  ```

- Run the application:

  ```bash
  flask run
  ```

Visit http://localhost:5000 to access the application.
The easiest way to run OneTimeShare is using Docker Compose, which sets up both the application and PostgreSQL database:

- Clone the repository:

  ```bash
  git clone https://github.com/yourusername/onetimeshare.git
  cd onetimeshare
  ```

- Start the services:

  ```bash
  docker-compose up --build
  ```

The application will be available at http://localhost:5001.
This setup includes:
- PostgreSQL database with persistent storage
- Automatic database initialization
- Health checks for both app and database
- Development mode with debug logging
- Volume mounts for logs and instance data
If you prefer to run without Docker Compose:

- Build the Docker image:

  ```bash
  docker build -t onetimeshare .
  ```

- Run the container:

  ```bash
  # FLASK_DEBUG=1 is a development setting; the key values are placeholders to replace
  docker run -d \
    --name onetimeshare \
    -p 5001:5000 \
    -e FLASK_APP=wsgi.py \
    -e FLASK_DEBUG=1 \
    -e SECRET_KEY=your-secure-secret-key \
    -e ENCRYPTION_KEY=your-secure-encryption-key \
    -v "$(pwd)/data:/app/data" \
    -v "$(pwd)/logs:/app/logs" \
    -v "$(pwd)/instance:/app/instance" \
    onetimeshare
  ```
- Add the required secret values to a `secrets.yaml` file:

  ```yaml
  secrets:
    secretKey: "your-secure-secret-key"
    encryptionKey: "your-secure-encryption-key"

  # Optional: Configure PostgreSQL
  config:
    database:
      type: postgresql
      postgresql:
        password: "your-database-password"

  postgresql:
    enabled: true  # Enable built-in PostgreSQL
    auth:
      password: "your-database-password"
  ```

- Install the Helm chart:

  ```bash
  # Add the Bitnami repository for PostgreSQL
  helm repo add bitnami https://charts.bitnami.com/bitnami
  helm repo update

  # Install the chart
  helm install onetimeshare ./helm/onetimeshare \
    --values ./helm/onetimeshare/values.yaml \
    --values ./secrets.yaml
  ```
| Parameter | Description | Default |
|---|---|---|
| `replicaCount` | Number of replicas | `1` |
| `image.repository` | Image repository | `onetimeshare` |
| `image.tag` | Image tag | `latest` |
| `persistence.enabled` | Enable persistent storage | `true` |
| `persistence.size` | Storage size | `1Gi` |
| `resources.limits` | Resource limits | `{cpu: 500m, memory: 512Mi}` |
| `config.database.type` | Database type (sqlite/postgresql) | `sqlite` |
| `postgresql.enabled` | Enable built-in PostgreSQL | `false` |
| `postgresql.auth.password` | PostgreSQL password | `""` |
OneTimeShare supports two database backends:

- SQLite (default for local development):
  - Simple setup, suitable for development
  - Data stored in `data/onetimeshare.db`
  - Configured by default in development mode
- PostgreSQL (recommended for production):
  - Scalable and robust
  - Connection pooling with automatic recycling
  - Health checks and automatic reconnection
  - Configure via environment:

    ```bash
    export SQLALCHEMY_DATABASE_URI="postgresql://user:password@localhost:5432/onetimeshare"
    ```

  - Or use Docker Compose for automatic setup
- Python 3.13+
- Docker & Docker Compose (for containerized deployment)
- PostgreSQL (optional, can use Docker Compose)
```bash
python -m pytest tests/
```

```bash
# With SQLite (default)
flask run

# With PostgreSQL (using Docker Compose)
docker-compose up --build
```
This project is licensed under the MIT License - see the LICENSE file for details.
Contributions are welcome! Please feel free to submit a Pull Request.
The application provides:

- `/health` endpoint for monitoring
- Detailed logging in `logs/` directory
- Database connection health checks
- Docker health checks for both app and database
- Inspired by various secret sharing services
- Built with Flask and SQLAlchemy
- Cyberpunk theme inspiration from the cyberpunk genre