A straightforward web application that enables users to share confidential information with others via temporary links. Once the recipient opens the link, the secret message is automatically removed from the server.
Secrets are stored in Redis and encrypted using the application's secret key.
The application is intentionally designed to be as simple as possible to meet stringent security standards: minimal JavaScript, basic CSS, and no extravagant features.
It employs the following components:
Configuration can be accomplished by utilizing Docker secrets, environment variables, or a configuration file. The resolution of configuration settings follows this sequence:
- Check for a file named the same as the setting in the directory /run/secrets. If such a file exists, the value is extracted from the file's content.
- Verify if an environment variable with the corresponding name exists.
- Search for the key in the configuration file named "config.json".
The following table provides guidance on configuring the app:
key | secret file | environment variable | definition | default value |
---|---|---|---|---|
app.secret_key | /run/secrets/app.secret_key | APP_SECRET_KEY | used as the Flask unique key | none (mandatory) |
app.url_prefix | /run/secrets/app.url_prefix | APP_URL_PREFIX | path to prepend to all URIs | empty |
app.proxy_fix | /run/secrets/app.proxy_fix | APP_PROXY_FIX | if set to True, handle the X-Forwarded-For header | False |
secrets.max_length | /run/secrets/secrets.max_length | SECRETS_MAX_LENGTH | maximum allowed message length | 2048 |
redis.url | /run/secrets/redis.url | REDIS_URL | Redis URL | none, in-memory storage is used if missing |
passwords.max_attempts | /run/secrets/password.max_attempts | PASSWORDS_MAX_ATTEMPTS | how many tries are allowed | 3 |
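
The lookup order described above, sketched as an added example (this is not the project's own code). The function name `resolve`, its return shape, and the assumption that config.json stores each setting under a flat dotted key are all hypothetical.

```python
import json
import os
from pathlib import Path

# Defaults from the configuration table; app.secret_key has none (mandatory).
DEFAULTS = {
    "app.url_prefix": "",
    "app.proxy_fix": "False",
    "secrets.max_length": "2048",
    "passwords.max_attempts": "3",
    "redis.url": None,  # None means in-memory storage
}
MANDATORY = {"app.secret_key"}


def resolve(key, secrets_dir="/run/secrets", config_file="config.json", environ=None):
    """Return (value, source) for a setting, following the documented order."""
    environ = os.environ if environ is None else environ

    # 1. Docker secret: a file named exactly like the setting.
    secret_path = Path(secrets_dir) / key
    if secret_path.is_file():
        # Strip the trailing newline that `echo value > file` leaves behind,
        # otherwise the key silently differs between deployments.
        return secret_path.read_text(encoding="utf-8").strip(), "secret file"

    # 2. Environment variable: app.secret_key -> APP_SECRET_KEY.
    env_name = key.upper().replace(".", "_")
    if env_name in environ:
        return environ[env_name], "environment"

    # 3. config.json (assumption: settings are flat keys such as "redis.url").
    config_path = Path(config_file)
    if config_path.is_file():
        config = json.loads(config_path.read_text(encoding="utf-8"))
        if key in config:
            return str(config[key]), "config file"

    if key in MANDATORY:
        raise KeyError(f"mandatory setting {key!r} is not configured")
    return DEFAULTS.get(key), "default"


if __name__ == "__main__":
    for name in sorted(MANDATORY | set(DEFAULTS)):
        try:
            print(name, "<-", resolve(name)[1])  # show the source, never the value
        except KeyError as exc:
            print(name, "MISSING:", exc)
```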
- Translations
- Document configuration keys
- javascript: hint on password strength (https://github.com/dropbox/zxcvbn ?)
- javascript: message length
I use podman-compose:
podman-compose up -d
This will start the application in debug (= Flask auto-reload) mode along with a Redis instance.
Using docker or podman:
docker build -t ihaveasecret -f Containerfile .
pybabel extract -F babel.cfg -o messages.pot .
pybabel init -i messages.pot -d translations -l fr
pybabel compile -d translations
pybabel update -i messages.pot -d translations