otsgo is a simple CLI and API client for One-Time Secret written in Go.
- Get system status
- Authentication
- Share, generate, get and burn Secrets as well as retrieve it's metadata
curl -sS https://webi.sh/ots | sh
$ go install github.com/emdneto/otsgo@latest
You may download otsgo binary from the latest releases on Github.
$ ots -h
A simple CLI and API client for One-Time Secret
Usage:
ots [flags]
ots [command]
Available Commands:
burn Burn a secret that has not been read yet
completion generate the autocompletion script for the specified shell
get Get secret, metadata or recent
help Help about any command
login Perform basic http auth and store credentials
share Share or generate a random secret
status Current status of the system
Flags:
--config string config file (default is $HOME/.otsgo.yaml)
-h, --help help for ots
-t, --toggle Help message for toggle
-v, --version Displays current version
Use "ots [command] --help" for more information about a command.
$ ots status
STATUS TIMESTAMP
nominal 1709507672
$ ots share -h
Share or generate a random secret
Usage:
ots share [flags]
Flags:
-f, --from-stdin Read from stdin
-g, --generate Generate a short, unique secret. This is useful for temporary passwords, one-time pads, salts, etc.
-h, --help help for share
-p, --passphrase string a string that the recipient must know to view the secret. This value is also used to encrypt the secret and is bcrypted before being stored so we only have this value in transit.
-r, --recipient string an email address. We will send a friendly email containing the secret link (NOT the secret itself).
-s, --secret string the secret value which is encrypted before being stored. There is a maximum length based on your plan that is enforced (1k-10k)
-t, --ttl int the maximum amount of time, in seconds, that the secret should survive (i.e. time-to-live). Once this time expires, the secret will be deleted and not recoverable. (default 604800)
$ ots share -g
$ ots share -s hellosecret -t 300 -p hello
$ cat <<EOF | ots share -f -
secret: hello
seret: secret
EOF
$ echo "hellosecret" | ots share -f
$ ots burn METADATA_KEY
$ ots get -h
Get secret, metadata or recent
Usage:
ots get [flags]
ots get [command]
Available Commands:
meta Retrieve secret associated metadata
recent Retreive a list of recent metadata.
secret Retrieve a Secret
$ ots get secret SECRET_KEY
$ ots get meta METADATA_KEY
$ ots get recent
USER STATE EXPIRES EXPIRED METADATA PASSHPHRASE CREATED SENT TTL
anon viewed 2024-03-10 20:13:45 false 1z3bp2asyt2mo3xk0w4ddiveg0yhhor false 2024-03-03 20:13:45 [] 167h58m13s
demouser12345@demo.com received 2024-03-10 20:01:40 false drssrmf8avh5mv8mqlj2sgvi6tsqwz9 false 2024-03-03 20:01:40 [] 0s
demouser12345@demo.com received 2024-03-10 16:17:01 false 58aqvdaqwbh2b0gx1koru0baiid894a true 2024-03-03 16:17:01 [] 0s
demouser12345@demo.com received 2024-03-10 14:57:02 false 5s3onh5cyd2e1dsa5qmsm2afq91d3g0 false 2024-03-03 14:57:02 [] 0s
demouser12345@demo.com received 2024-03-10 14:55:23 false n28eqt08te7gl7jphjg89b7p1s1cetk true 2024-03-03 14:55:23 [] 0s
otsgo will try to locate the credentials present in the environment variables. If found, every request will be made with HTTP Basic Authentication. If you get 404 Not authorized in any command, probably your credentials are wrong.
$ export OTS_USER=demo; export OTS_TOKEN=xyz
$ ots get recent
$ ots share -g -r demo@demo.com
Your password will be stored unencrypted in ~/.otsgo.yaml
$ ots login -u USERNAME -p API_TOKEN
$ ots get recent
$ ots share -g -r demo@demo.com
alias oss="ots share secret"
alias osgs="ots share secret -g"
alias ogs="ots get secret"
alias obs="ots burn secret"