forked from smallwat3r/shhh

Keep secrets out of emails or chat logs, share them using secure links with passphrase and expiration dates.

betweenvenus/shhh

 
 


Shhh


What is it?

Shhh is a tiny Flask app to create encrypted secrets and share them securely with people. The goal of this application is to get rid of plain text sensitive information in emails or chat logs.

Shhh is deployed at shhh-encrypt.com, but it's better for organisations and people to deploy it on their own personal / private server for even better security. You can find in this repo everything you need to host the app yourself.

Or you can one-click deploy to Heroku using the below button. It will generate a fully configured private instance of Shhh immediately (using your own server and Postgres database, for free).

Deploy

How does it work?

The sender has to set an expiration date along with a passphrase to protect the information he wants to share.

A unique link is generated by Shhh that the sender can share with the receiver in an email, alongside the temporary passphrase he created in order to reveal the secret.

The secret will be permanently removed from the database whenever one of these events happens:

  • the expiration date has passed (max 7 days).
  • the receiver has decrypted the message using the passphrase.

The secrets are encrypted in order to make the data anonymous, especially in the database, and the passphrases are not stored anywhere.

Encryption method used: Fernet with password, random salt value and strong iteration count (100 000).
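The scheme named above, as an added example that is not code from the Shhh repository: the passphrase is stretched into a Fernet key, and only the salt and the token are kept. It uses the `cryptography` package; PBKDF2-HMAC-SHA256, the 16-byte salt and the salt-prefix storage layout are assumptions, while Fernet, the random salt and the 100 000 iterations come from this README.

```python
import base64
import os

from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

ITERATIONS = 100_000  # iteration count stated in this README
SALT_LEN = 16         # assumption: the salt length is not stated on the page


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the passphrase into a urlsafe-base64 32-byte Fernet key."""
    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32,
                     salt=salt, iterations=ITERATIONS)
    return base64.urlsafe_b64encode(kdf.derive(passphrase.encode("utf-8")))


def encrypt_secret(secret: str, passphrase: str) -> bytes:
    """Return salt || Fernet token. Neither passphrase nor key is stored."""
    salt = os.urandom(SALT_LEN)  # fresh salt per secret
    token = Fernet(derive_key(passphrase, salt)).encrypt(secret.encode("utf-8"))
    return salt + token          # assumed layout: salt prefix, then token


def decrypt_secret(blob: bytes, passphrase: str):
    """Return the plaintext, or None on a wrong passphrase or altered data."""
    salt, token = blob[:SALT_LEN], blob[SALT_LEN:]
    try:
        return Fernet(derive_key(passphrase, salt)).decrypt(token).decode("utf-8")
    except InvalidToken:
        # Fernet authenticates the token with HMAC, so a wrong key and a
        # tampered ciphertext fail the same way, before any decryption.
        return None


if __name__ == "__main__":
    stored = encrypt_secret("constructed-sample-secret", "temporary passphrase")
    print(decrypt_secret(stored, "temporary passphrase"))
    print(decrypt_secret(stored, "bad guess"))
```

Because the stored value holds only the salt and the authenticated ciphertext, a database read alone does not reveal the secret; its protection then rests on the strength of the passphrase and the key-derivation cost.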

Tip: For added security, avoid stating in Shhh what the secret you're sharing is used for. Instead, explain this in your email, and copy-paste the Shhh link with the passphrase so the user can retrieve it.

Is there an API?

Yes, you can find some info here.
Also, check out shhh-cli, a Go client to interact with the Shhh API via the command line.

What's the stack?

Core application

  • Flask, used as our Python backend web-framework.
  • Postgres, used to store only the unique links, the encrypted messages, and the creation and expiration dates.
  • Bulma, the CSS framework.

Tools

What are the dependencies?

You can find the list of the Python dependencies here.

How to launch Shhh locally?

These methods are for development purposes only. For production / public use you might want to use a more secure configuration.

Launch it natively

Postgres

You will need a Postgres server running on localhost in the background. Create a database named shhh.

CREATE DATABASE shhh;

Flask

git clone https://github.com/smallwat3r/shhh.git && cd shhh

We recommend that you create a virtual environment for this project, so you can install the required dependencies.

python -m venv env 
source env/bin/activate
pip install -r requirements.txt
pip install .

Stay in the virtual environment created.

You then need to set up a few environment variables. These will be used to configure Flask, as well as the application connection to the database.

export FLASK_APP=shhh
export FLASK_ENV=dev-local
export FLASK_DEBUG=1

export POSTGRES_HOST=localhost
export POSTGRES_DB=shhh
export POSTGRES_USER=<username>
export POSTGRES_PASSWORD=<password>
export POSTGRES_PORT=<port>

You can now launch Shhh with:

flask run

or using gunicorn:

gunicorn -b :5000 -w 3 wsgi:app --preload

You can now access Shhh at http://localhost:5000

Launch it with docker-compose (recommended)

docker-compose

You will need Docker and docker-compose installed on your machine.

docker-compose up --build  # start app
docker-compose stop        # stop app

or via Makefile:

make dc-start  # start app
make dc-stop   # stop app

Once the container image has finished building and starting, you can access:

Credits

Existing cool apps that gave me the idea to develop my own version using Python and Flask

Thanks to

License

See LICENSE file.

Contact

Please report issues or questions here.
