Onetime Secret
Self-destructing service for sharing single-use encrypted secrets
Onetime Secret is an open-source service for sharing sensitive text as single-use links. Secrets are encrypted on the server and expire either after a single view or after a configured time-to-live.
Key Features
- Create single-use (self-destructing) secret links that delete after being viewed or after a TTL.
- Server-side encryption of stored secrets with an optional passphrase option; passphrases are bcrypt-hashed and used to protect decryption.
- REST API and web UI for creating and retrieving secrets; supports anonymous and authenticated workflows.
- Configurable TTL options and passphrase policy (minimum length, complexity, enforcement settings).
- Support for custom share domains and UI/auth configuration for self-host deployments.
- Docker images and a documented quick-start (Redis-backed storage, recommended Ruby runtime) for easy deployment.
Use Cases
- Safely send passwords or credentials over email/chat where persistent copies are undesirable.
- Issue ephemeral API tokens, one-time links for password resets, or short-lived provisioning secrets.
- Provide secure, single-view communication for support, onboarding, or sensitive troubleshooting details.
Limitations and Considerations
- Without a user-provided passphrase, secrets are encrypted on the server but decryptable by the service operator; use passphrases for stronger zero-knowledge guarantees.
- Secret size is limited (enforced per plan; documentation cites per-plan limits, e.g., ~1k–10k characters).
- Encrypted backups exist for disaster recovery and may retain encrypted secrets for a limited retention window (documented backup retention is not indefinite).
- Not a long-term secrets vault: designed for ephemeral, single-view sharing rather than secret rotation, audit history, or full enterprise secret-management features.
Onetime Secret provides a focused, auditable way to share ephemeral secrets via web or API. It is useful where short-lived, single-view confidentiality is required, and it offers configurable protections (TTL and passphrases) for stronger privacy guarantees.
Categories:
Tags:
Tech Stack:
Redis
Docker
pnpm
Ruby
Node.js
Tailwind CSSSimilar Services
asciinema
Command-line terminal session recorder and web player
Open-source CLI for recording, replaying and live-streaming terminal sessions using lightweight asciicast files and an embeddable web player.
PrivateBin
Zero-knowledge encrypted pastebin with browser-side AES encryption
PrivateBin is a minimalist zero-knowledge pastebin that encrypts and decrypts pastes in the browser, with optional passwords, expiration, discussions, and file uploads.
MicroBin
Secure pastebin for text and file sharing with URL shortening
MicroBin is a lightweight, secure pastebin for sharing text, files, and short URLs with optional encryption, expiration controls, and raw file serving.
Opengist
Self-hosted Git-backed pastebin and Gist-compatible code snippet manager
Self-hosted pastebin powered by Git. Create, share and manage public, unlisted or private code snippets with syntax highlighting, Git push/pull, OAuth logins and Docker/H...
ByteStash
Self-hosted web app for storing and organizing code snippets
ByteStash is a self-hosted snippet manager for creating, editing, and filtering code snippets with secure storage in SQLite and an optional API with Swagger UI.
Enclosed
Minimal app for sharing end-to-end encrypted notes and files
Self-hostable, end-to-end encrypted note and file sharing with zero-knowledge storage, optional passwords, expiration (TTL), and delete-after-reading links.
