Yopass

Yopass is an open-source service for securely sharing sensitive information. It encrypts secrets client-side using OpenPGP, stores only ciphertext on the server, and returns a one-time expiring URL to the sender.

Key Features

• Client-side end-to-end encryption using OpenPGP; server never receives plaintext or the decryption key.
• One-time or time-limited access: secrets can be configured to self-destruct after first view or after a set expiry.
• Small web UI plus a command-line client for automation and scripting use cases.
• Configurable storage backends: supports Memcached or Redis for ephemeral secret storage.
• Optional limited file upload support (files are encrypted before upload and can be disabled).
• Deployment ready: includes Docker/Compose and Kubernetes examples, plus reverse-proxy guidance for TLS and proxy trust configuration.

Use Cases

• Sharing short-lived credentials or secrets (passwords, API keys) between teammates without exposing plaintext in chat or tickets.
• Exchanging program output or sensitive configuration from automation scripts via the CLI.
• Sending single-use tokens or files that must not persist on the server once consumed.

Limitations and Considerations

• File upload functionality is limited; large-file workflows are not the primary focus and may require external tools.
• Default deployments do not enforce rate limiting; administrators should add rate limiting or WAF rules if exposed publicly.
• URLs containing the decryption key can be stored in browser history or logs; post-access cleanup and secure channels for delivering the URL are recommended.
• Security depends on correct TLS/reverse-proxy configuration and on administrators keeping dependencies and the server up to date.

Yopass is designed to be small, transparent, and security-focused: it minimizes server-side knowledge of secrets while providing simple UX and automation interfaces. It is useful for teams and automation that need quick, ephemeral secret sharing without accounts or long-term storage.