Yopass logo

Yopass

  •  0 ratings
In category: Communication / Custom Communication Systems

About Yopass

Secure sharing of secrets, passwords and files.

  •   578  
  •   0  
  •   0  
  •   0  
Github stats:
  •  Commits: N/A  
  •   N/A  
  •   N/A  
  •  Latest commit: N/A  

Deploy this app to Linode with a free $100 credit!

Languages/Platforms/Technologies:
Lincenses:

More about Yopass

Yopass-horizontal

Yopass - Share Secrets Securely

Go Report Card codecov

demo

Yopass is a project for sharing secrets in a quick and secure manner*. The sole purpose of Yopass is to minimize the amount of passwords floating around in ticket management systems, Slack messages and emails. The message is encrypted/decrypted locally in the browser and then sent to yopass without the decryption key which is only visible once during encryption, yopass then returns a one-time URL with specified expiry date.

There is no perfect way of sharing secrets online and there is a trade off in every implementation. Yopass is designed to be as simple and "dumb" as possible without compromising on security. There's no mapping between the generated UUID and the user that submitted the encrypted message. It's always best to send all the context except password over another channel.

Demo available here. It's recommended to host yopass yourself if you care about security.

  • End-to-End encryption using OpenPGP
  • Secrets can only be viewed once
  • No accounts or user management required
  • Secrets self destruct after X hours
  • Custom password option
  • Limited file upload functionality

History

Yopass was first released in 2014 and has since then been maintained by me and contributed to by this fantastic group of contributors. Yopass is used by many large corporations none of which are currently listed in this readme. If you are using yopass and want to support other then by code contributions. Give your thanks in an email, consider donating or by giving consent to list your company name as a user of Yopass in this readme(Trusted by)

Trusted by

Command-line interface

The main motivation of Yopass is to make it easy for everyone to share secrets easily and quickly via a simple webinterface. Nevertheless, a command-line interface is provided as well to support use cases where the output of a program needs to be shared.

$ yopass --help
Yopass - Secure sharing for secrets, passwords and files

Flags:
      --api string          Yopass API server location (default "https://api.yopass.se")
      --decrypt string      Decrypt secret URL
      --expiration string   Duration after which secret will be deleted [1h, 1d, 1w] (default "1h")
      --file string         Read secret from file instead of stdin
      --key string          Manual encryption/decryption key
      --one-time            One-time download (default true)
      --url string          Yopass public URL (default "https://yopass.se")

Settings are read from flags, environment variables, or a config file located at
~/.config/yopass/defaults.<json,toml,yml,hcl,ini,...> in this order. Environment
variables have to be prefixed with YOPASS_ and dashes become underscores.

Examples:
      # Encrypt and share secret from stdin
      printf 'secret message' | yopass

      # Encrypt and share secret file
      yopass --file /path/to/secret.conf

      # Share secret multiple time a whole day
      cat secret-notes.md | yopass --expiration=1d --one-time=false

      # Decrypt secret to stdout
      yopass --decrypt https://yopass.se/#/...

Website: https://yopass.se

The following options are currently available to install the CLI locally.

  • Compile from source (needs Go >= v1.15)
export GO111MODULE=on && go get github.com/jhaals/yopass/cmd/yopass && go install github.com/jhaals/yopass/cmd/yopass
yay -S yopass

Installation / Configuration

Here are the server configuration options.

Command line flags:

$ yopass-server -h
      --address string     listen address (default 0.0.0.0)
      --database string    database backend ('memcached' or 'redis') (default "memcached")
      --max-length int     max length of encrypted secret (default 10000)
      --memcached string   Memcached address (default "localhost:11211")
      --metrics-port int   metrics server listen port (default -1)
      --port int           listen port (default 1337)
      --redis string       Redis URL (default "redis://localhost:6379/0")
      --tls-cert string    path to TLS certificate
      --tls-key string     path to TLS key

Encrypted secrets can be stored either in Memcached or Redis by changing the --database flag.

Docker Compose

Use the Docker Compose file deploy/with-nginx-and-letsencrypt/docker-compose.yml to set up a yopass instance with TLS transport encryption and certificate auto renewal using Let's Encrypt. First point your domain to the host you want to run yopass on. Then replace the placeholder values for VIRTUAL_HOST, LETSENCRYPT_HOST and LETSENCRYPT_EMAIL in deploy/with-nginx-and-letsencrypt/docker-compose.yml with your values. Afterwards change the directory to deploy/with-nginx-and-letsencrypt and start the containers with:

docker-compose up -d
Yopass will then be available under the domain you specified through VIRTUAL_HOST / LETSENCRYPT_HOST.

Advanced users that already have a reverse proxy handling TLS connections can use the insecure setup:

cd deploy/docker/compose/insecure
docker-compose up -d
Afterwards point your reverse proxy to 127.0.0.1:80.

Docker

With TLS encryption

docker run --name memcached_yopass -d memcached
docker run -p 443:1337 -v /local/certs/:/certs \
    --link memcached_yopass:memcached -d jhaals/yopass --memcached=memcached:11211 --tls-key=/certs/tls.key --tls-cert=/certs/tls.crt
Afterwards yopass will be available on port 443 through all IP addresses of the host, including public ones. If you want to limit the availability to a specific IP address use -p like so: -p 127.0.0.1:443:1337.

Without TLS encryption (needs a reverse proxy for transport encryption):

docker run --name memcached_yopass -d memcached
docker run -p 127.0.0.1:80:1337 --link memcached_yopass:memcached -d jhaals/yopass --memcached=memcached:11211

Afterwards point your reverse proxy that handles the TLS connections to 127.0.0.1:80.

AWS Lambda

Yopass website is a separate component in this step which can be deployed to netlify for free.

You can run Yopass on AWS Lambda backed by dynamodb

cd deploy/aws-lambda && ./deploy.sh

Kubernetes

kubectl apply -f deploy/yopass-k8.yaml
kubectl port-forward service/yopass 1337:1337

This is meant to get you started, please configure TLS when running yopass for real.

Monitoring

Yopass optionally provides metrics in the OpenMetrics / Prometheus text format. Use flag --metrics-port <port> to let Yopass start a second HTTP server on that port making the metrics available on path /metrics.

Supported metrics:

  • Basic process metrics with prefix process_ (e.g. CPU, memory, and file descriptor usage)
  • Go runtime metrics with prefix go_ (e.g. Go memory usage, garbage collection statistics, etc.)
  • HTTP request metrics with prefix yopass_http_ (HTTP request counter, and HTTP request latency histogram)

Translations

Yopass has third party support for other languages. That means you can write translations for the language you'd like or use a third party language file. Please note that yopass itself is english only and any other translations are community supported.

Here's a list of available translations: - German - French - Spanish

Comments (0)

Please login to join the discussion on this project.

Yopass Reviews (0)

Overall Rating

None

based on 0 ratings

Please login to review this project.

No reviews for this project yet.

↑ back to top

pCloud Lifetime

Popular Projects

FluxBB

in Social Networks and Forums
 33k    0    0    0  

Nextcloud

in File Transfer & Synchronization
 20k    1    1    0  

Libreddit

in Social Networks and Forums
 7k    0    1    0  

CasaOS

in Self-hosting Solutions
 5k    0    0    0  

Dashboard

in Personal Dashboards
 5k    0    0    0  

Audiobookshelf

in Audio Streaming
 5k    0    1    0  

Mediagoblin

in Photo and Video Galleries
 4k    0    0    0  

Most Discussed

Nextcloud

in File Transfer & Synchronization
 20k    1    1    0  

Tube Archivist

in Automation
 3k    0    1    0  

OneDev

in Project Management
 2k    0    0    0  

iodine

in Proxy
 2k    0    0    0  

Alf.io

in Booking and Scheduling
 2k    0    0    0  

sysPass

in Password Managers
 1k    0    0    0  

Misskey

in Social Networks and Forums
 2k    0    0    0  
Linux VPS from $11/yr.
RackNerd VPS for $11.38/mo

Top Rated Projects

Gitea

 1 rating
in Project Management

Bagisto

 1 rating
in E-commerce

LinkAce

 1 rating
in Bookmarks and Link Sharing

Pydio

 1 rating
in File Transfer & Synchronization

Audiobookshelf

 1 rating
in Audio Streaming

Nextcloud

 1 rating
in File Transfer & Synchronization

Seafile

 1 rating
in File Transfer & Synchronization

Categories

You May Also Be Interested In

OTS logo
OTS cover

OTS

One-Time-Secret sharing platform with a symmetric 256bit AE…

Zulip logo
Zulip cover

Zulip

Zulip is a powerful, open source group chat application.

Element logo
Element cover

Element

Fully-featured Matrix client for Web, iOS & Android.