Grad shape
Grad shape

OTS

Communication - Custom Communication Systems

About this project

ots is a one-time-secret sharing platform. The secret is encrypted with a symmetric 256bit AES encryption in the browser before being sent to the server. Afterwards an URL containing the ID of the secret and the password is generated. The password is never sent to the server so the server will never be able to decrypt the secrets it delivers with a reasonable effort. Also the secret is immediately deleted on the first read.

Features

  • Secrets are encrypted with AES 256bit encryption in browser
  • Server never receives the plain text secret
  • Secret is deleted on first read

Setup

For a better setup you can choose the backend which is used to store the secrets:

  • mem - In memory storage (wiped on restart of the daemon)
  • redis - Storing the secrets in a hash under one key
    • REDIS_URL - Redis connection string redis://USR:PWD@HOST:PORT/DB
      (pre Redis v6 use auth as user, afterwards use a user available in your ACLs)
    • REDIS_KEY - Key prefix to store the keys under (Default io.luzifer.ots)
  • Common options
    • SECRET_EXPIRY - Expiry of the keys in seconds (Default 0 = no expiry)

Customization

To shorten the README this documentation has been moved to the Wiki: https://github.com/Luzifer/ots/wiki/Customization

Creating secrets through CLI / scripts

As ots is designed to never let the server know the secret you are sharing you should not just send the plain secret to it though it is possible.

OTS-CLI

Download OTS-CLI from the Releases section of the repo or build it yourself having a Go toolchain available from the ./cmd/ots-cli directory.

Afterwards you can just create and fetch secrets:

# echo "my password" | ots-cli create
INFO[0000] reading secret content...                    
INFO[0000] creating the secret...                       
INFO[0000] secret created, see URL below                 expires-at="2023-10-16 16:33:27.422174121 +0000 UTC"
https://ots.fyi/#37a75a7f-0c2d-4ae6-bcca-4208b6d596ab%7CHGShVWm5umv4lmswfM73

# ots-cli fetch 'https://ots.fyi/#37a75a7f-0c2d-4ae6-bcca-4208b6d596ab%7CHGShVWm5umv4lmswfM73'
INFO[0000] fetching secret...                           
my password

To set the instance to send the secret to or to attach files see ots-cli create --help and to define where downloaded files are stored see ots-cli fetch --help.

Both commands can be used in scripts:

  • create reads from STDIN or the specified file and yields the URL to STDOUT
  • fetch prints the secret to
Technologies & License
Apache-2.0 Go
Get Started
Source Code I want a project based on this code
Quick Deploy

Deploy this project to cloud platforms with one click

Deploy to Fly.io Open in Gitpod