Skip to content

danish17/secrets

Repository files navigation

Secrets Logo

Secrets API

A simple API to create n-times viewable secrets.

Description

Secrets is an API that allows you to create n-time viewable secrets. You can use it to share passwords and other sensitive information which should only be seen by specific people for a specified time and for a specified number of times.

It is built with Nest.js and TypeScript and you can host it on your own server. Secrets uses a MySQL to store the secrets.

You can try it out here - https://secrets.iamdani.sh.

Encryption

Secrets encrypts all the messages before storing them in the database. The encryption algorithm used is AES-192-CBC. The passphrase serves as a key and a random 16-byte buffer is used as the initialization vector (IV).

The passphrase is stored as a SHA-1 hash salted with random 16 bytes. Salt and IV are also stored in the database for decryption purposes.

API Endpoints

Viewing All Secrets

Endpoint

GET /secret/all

Viewing a Secret

Endpoint

GET /secret/view/[secret_uri]

Parameters

<secret_uri> Unique slug for the secret (upon generating it)

Example Request

GET /secret/view/ZRK9Q9n

Creating a Secret

Endpoint

POST /secret/create

Body

{
  "validFor": int, // secret validity in hours
  "viewsAllowed": int, // number of times a secret can be viewed/decrypted
  "passphrase": string, // secret passphrase to decrypt the message
  "secret": string, // message to be encrypted
}

Example Request

{
  "validFor": 24,
  "viewsAllowed": 1,
  "passphrase": "super_secret",
  "secret": "Hello world!"
}

Shredding a Secret

Endpoint

GET /secret/shred/<secret_id>

Parameters

<secret_id> Secret ID

Stay in touch

License

Secrets API is Apache-2.0 licensed.

Releases

No releases published

Packages

No packages published