One Time Secret

The application creates single‑use URLs that deliver an encrypted secret and then automatically delete it after it is viewed or after a configurable expiration period. Secrets are stored encrypted on the server, can be protected with a custom passphrase, and may be set to expire in minutes or days. A web interface and a REST API allow users to share passwords, tokens, or other sensitive data without leaving persistent copies in email or chat logs.

It is intended for individuals or teams that need a quick, private way to transmit confidential information, such as credentials, API keys, or personal data. Developers can also embed the service into their own tools via the API, while administrators can run the software on their own infrastructure to retain full control over data and security policies.

The project is open source under the MIT license, self‑hostable, and available as a Docker image or through manual installation with Ruby, Redis/Valkey, and Node.js. It supports simple Redis‑only authentication or a full mode with SQL, MFA, and WebAuthn, and offers optional custom domains, configurable expiration, and passphrase protection.