Keep secrets out of emails or chat logs, share them using secure links with passphrase and expiration dates.
Keep secrets out of emails and chat logs.
Shhh is a tiny Flask app to create encrypted secrets and share them securely with people. The goal of this application is to get rid of plain-text sensitive information in emails or chat logs.
Shhh is deployed here (temporarily unavailable until a new deployment solution is in place), but it's better for organisations and people to deploy it on their own personal / private server for even better security. You can find everything you need to host the app yourself in this repo.
Or you can one-click deploy to Heroku using the button below. It will immediately generate a fully configured private instance of Shhh (using your own server running Flask behind Gunicorn and Nginx, and your own Postgres database, for free).
Also, check out shhh-cli, a Go client to interact with the Shhh API from the command line.
The sender has to set an expiration date along with a passphrase to protect the information he wants to share.
A unique link is generated by Shhh that the sender can share with the receiver in an email, alongside the temporary passphrase he created in order to reveal the secret.
The secret will be permanently removed from the database as soon as one of these events happens:
The secrets are encrypted in order to make the data anonymous, especially in the database, and the passphrases are not stored anywhere.
Encryption method used: Fernet with password, random salt value and strong iteration count (100 000).
Tip: for better security, avoid writing any info on how/where to use the secret you're sharing (like urls, websites or emails). Instead, explain this in your email or chat, with the link and passphrase generated from Shhh. So even if someone got access to your secret, there is no way for the attacker to know how and where to use it.
Yes, you can find some doc here.
These instructions are for development purposes only. For production use you might want to use a more secure configuration.

```sql
CREATE DATABASE shhh;
```
#### Flask
You will need to set up a few environment variables. We use them to
configure Flask, as well as the application connection to the
database.
Rename the file `/environments/local.dev.template` to
`/environments/local.dev` and fill in the missing variables
(these are the variables needed to connect to your local Postgres database).
Once done, from the root of the repository, run:
```sh
make local
```

This command will make sure a virtual environment is created and that
all the needed dependencies are installed, and finally launch a local
Flask server.
You can now access the app at http://localhost:5000
```sh
make dc-start # to start the app (or dc-start-adminer to use adminer)
make dc-stop # to stop the app
```
Once the container image has finished building and has started, you
can access:
* Shhh at http://localhost:5000
* (and access the database records using Adminer on port `8080` if you launched Shhh with adminer)
Note: When started with the docker-compose set-up, the application is running with Gunicorn.
```sh
make checks # run all checks
make tests # run tests
make pylint # run Pylint report
make bandit # run Bandit report
make mypy # run Mypy report
```

Below is the list of environment variables used by Shhh.
Special thanks: @AustinTSchaffer, @kleinfelter
See LICENSE file.
Please report issues or questions here.