Shhh

Shhh is a lightweight web application that creates encrypted secrets and shares them via unique links protected by a temporary passphrase. Secrets are encrypted before storage and removed after expiration, successful decryption, or exceeding allowed attempts.

Key Features

• Create encrypted text secrets protected by a user-provided passphrase
• Secrets expire automatically based on a configured expiration date
• One-time or limited-attempt opening: secret is purged after viewing or when max attempts are exceeded
• Encryption uses Fernet with a password-derived key (random salt and high iteration count)
• Does not store passphrases; only ciphertext and metadata are stored
• Provides a REST API and can be integrated via a companion CLI client
• Supports PostgreSQL or MySQL backends and can be deployed with Docker/Docker Compose
• Typical deployment stack includes Flask with Gunicorn behind a web server

Use Cases

• Share temporary credentials, tokens, or one-time instructions without leaving plain text in email or chat
• Send expiring links for password resets or sensitive file access instructions
• Integrate secret sharing into workflows or automation via the provided REST API

Limitations and Considerations

• The project has been marked for sunsetting in favor of a successor; active maintenance and hosted deployments may be discontinued
• Not a full-featured secrets management or vault solution: lacks advanced access controls, enterprise audit logging, and RBAC
• Security depends on strong passphrases and secure hosting; operational security (TLS, server hardening, database protection) is required for production use

Shhh is a simple, focused tool for short-lived secret sharing and integration into workflows. It is suitable for teams or individuals who need ephemeral, passphrase-protected messages but is not a replacement for dedicated vault systems for long-term secret management.