OTS

OTS is a one-time secret sharing platform designed to keep the server from learning the plaintext. Secrets are encrypted client-side using symmetric AES-256, then stored server-side only in encrypted form and deleted after the first successful read.

Key Features

• Client-side AES-256 encryption; the decryption password is never sent to the server
• Secrets are deleted immediately after the first read
• Optional secret expiry (TTL) configuration
• Multiple storage backends, including in-memory and Redis
• Simple HTTP API for creating secrets and retrieving them
• Optional CLI tool for creating and fetching secrets (useful for scripts)

Use Cases

• Sharing passwords, tokens, or recovery codes securely with a single recipient
• Sending sensitive information via chat/email without long-lived exposure
• Automation and scripting workflows to distribute short-lived secrets

Limitations and Considerations

• In-memory storage backend loses secrets on service restart
• Security relies on clients handling the generated URL (containing secret ID and password in the fragment) safely

OTS provides a minimal, practical workflow for one-time sharing while reducing trust in the server by keeping encryption and decryption on the client. It is well-suited for teams and homelabs that need a lightweight, self-hosted alternative for sharing sensitive strings and small payloads.