A one-time encrypted zero-knowledge password/secret sharing application focused on simplicity and security. No database or complicated set-up required.
The latest release of FlashPaper is available at ghcr.io/andrewpaglusch/flashpaper.
1. Download docker-compose.yml from this repo
2. Edit docker-compose.yml with your customizations
3. Run docker-compose up -d to start FlashPaper
4. Set up a reverse-proxy in front of FlashPaper that terminates SSL/TLS
Requirements: PHP 7.0+ and a web server
1. Download and extract the latest release of FlashPaper to the document root of your web server
2. Copy settings.example.php to settings.php and make customizations to that file
3. Disable access logging in your web server's configuration so nothing sensitive (IP addresses, user agent strings, timestamps, etc.) is logged to disk
<random>--secrets.sqlite sqlite database created (if it doesn't already exist)
<random>--aes-static.key randomized 256-bit AES static key created (if one doesn't exist already)
k
)prune->min_days/max_days
k value returned to user in one-time URL
k value removed from URL
k value split into two parts: ID and AES key
k
k bcrypt hash compared against bcrypt hash from DB (prevents tampering of URL)
k and IV
curl)
FlashPaper can accept secret submissions through a simple API. The retrieval URL will be returned in a JSON object.
Here's what it looks like to submit a secret with curl:
$ curl -s -X POST -d "secret=my secret&json=true" https://flashpaper.io
{"url":"https://flashpaper.io/?k=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}
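The following wrapper is an added example, not part of the FlashPaper project. It submits through the same API but reads the secret from stdin and URL-encodes it, so the value stays out of shell history and the process list and survives characters such as `&`, `+` and `%`. The function names are hypothetical, and the check that the retrieval URL begins with the address the secret was posted to is an assumption about your deployment.

```shell
#!/bin/sh
# Added example (not FlashPaper's own code). Defines functions only; nothing
# is sent until submit_secret is called.

# Extract the "url" value from the JSON reply. Some JSON encoders escape "/"
# as "\/", so undo that as well.
extract_url() {
    printf '%s' "$1" \
        | sed -n 's/.*"url":"\([^"]*\)".*/\1/p' \
        | sed 's#\\/#/#g'
}

# Succeed only if $1 looks like <base>/?k=<something>, where $2 is the base
# address the secret was posted to (a trailing slash on $2 is ignored).
valid_retrieval_url() {
    b=${2%/}
    case "$1" in
        "$b"/\?k=?*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Read the secret from stdin, POST it, and print the one-time URL.
# $1 is the FlashPaper address; the default is the host used on this page.
submit_secret() {
    base=${1:-https://flashpaper.io}
    # "secret@-" makes curl read the value from stdin and URL-encode it.
    reply=$(curl -sS --fail -X POST \
        --data-urlencode 'secret@-' -d 'json=true' "$base") || return 1
    url=$(extract_url "$reply")
    if ! valid_retrieval_url "$url" "$base"; then
        echo "unexpected reply from $base" >&2
        return 1
    fi
    printf '%s\n' "$url"
}

# Usage (constructed input):
#   printf '%s' 'p@ss&word=1+1' | submit_secret https://flashpaper.io
```

Use `printf '%s'` rather than `echo` when piping the secret in, otherwise a trailing newline becomes part of the stored value.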
prune:
  enabled: Turn on/off auto-pruning of old secrets from the database upon page load
  min_days/max_days: When a secret is submitted, a random date/time is generated between min_days and max_days in the future. After that date/time has elapsed, the secret will be pruned from the database if enabled is set to true. This is to prevent your database from being filled with secrets that are never retrieved. NOTE: Even if enabled is set to false, the prune value will still be generated and stored in the database, but secrets will not be pruned unless enabled is switched to true.
base_url: FlashPaper will try to generate the secret retrieval URL based on information provided by the upstream webserver. This process isn't always 100% accurate. If the secret retrieval URL that FlashPaper creates isn't correct for your setup (this usually happens when you're using a reverse proxy upstream), you can manually specify the URL that FlashPaper will use. For example: A base_url of "https://foo.com/flashpaper" will result in retrieval URLs like "https://foo.com/flashpaper/?k=xxxxxxxxxxxxx".
PayPal: https://paypal.me/AndrewPaglusch
BitCoin: 1EYDa33S14ejuQGMhSjtBUmBHTBB8mbTRs
Donations are not expected, but they are very appreciated!