A containerised password sharing tool using Fernet symmetric encryption.
Tempest is my attempt at a secret-sharing tool to get around the current vulnerabilities found in other open-source tools due to PyCA's implementation of Fernet, which uses AES-128 in CBC mode, which is not secure by modern standards. With that in mind, I wrote Furnace, a TypeScript implementation of Fernet encoding in which the token's content is encrypted using XChaCha20-Poly1305, which is a quantum-resistant combination and should keep this secure for the next few years. If a newer and better encryption method becomes available, this library can be updated with ease to support it.
This means that Tempest can take your secrets, store them safely, and make them easily movable. When your link is generated, a key is appended to it. This key is generated by the server and is NEVER stored in the database. If you modify it or remove it from the URL, the URL will not reveal the secret. When you generate the link you can set a TTL (time-to-live) or a max number of clicks. If all clicks are used, or the TTL expires, the next time someone tries to use the link, it will be deleted.
You have 3 options to deploy Tempest:
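The link lifecycle described above, as an added in-memory example that is not Tempest's or Furnace's own code. Assumptions: `createLink`, `openLink`, the stored record shape and the `/s/<id>/<key>` layout are hypothetical, Node's built-in ChaCha20-Poly1305 stands in for XChaCha20-Poly1305, and a failed attempt with a wrong key does not use up a click.

```typescript
// Added example (not Tempest's code): the key exists only in the link.
// ASSUMPTIONS: createLink/openLink, the Stored shape and the /s/<id>/<key> layout
// are hypothetical; Node's ChaCha20-Poly1305 stands in for XChaCha20-Poly1305.
import { createCipheriv, createDecipheriv, randomBytes } from "crypto";

interface Stored { nonce: Buffer; tag: Buffer; ct: Buffer; expiresAt: number; clicksLeft: number }
const db = new Map<string, Stored>(); // everything the server persists: no key

function createLink(secret: string, ttlMs: number, maxClicks: number, now: number = Date.now()): string {
  const key = randomBytes(32);   // generated server-side, returned once, never stored
  const nonce = randomBytes(12);
  const c = createCipheriv("chacha20-poly1305", key, nonce, { authTagLength: 16 });
  const ct = Buffer.concat([c.update(secret, "utf8"), c.final()]);
  const id = randomBytes(16).toString("hex");
  db.set(id, { nonce, tag: c.getAuthTag(), ct, expiresAt: now + ttlMs, clicksLeft: maxClicks });
  return `/s/${id}/${key.toString("hex")}`;
}

function openLink(link: string, now: number = Date.now()): string | null {
  const parts = link.split("/");
  const id = parts[2] ?? "";
  const rec = db.get(id);
  if (!rec) return null;
  // Exhausted or expired: the record is deleted on this next attempt.
  if (now >= rec.expiresAt || rec.clicksLeft <= 0) { db.delete(id); return null; }
  const key = Buffer.from(parts[3] ?? "", "hex");
  if (key.length !== 32) return null; // key removed or truncated
  try {
    const d = createDecipheriv("chacha20-poly1305", key, rec.nonce, { authTagLength: 16 });
    d.setAuthTag(rec.tag);
    const secret = Buffer.concat([d.update(rec.ct), d.final()]).toString("utf8");
    rec.clicksLeft -= 1; // assumption: only a successful reveal uses a click
    return secret;
  } catch {
    return null; // modified key: Poly1305 tag check fails, nothing is revealed
  }
}
```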
- using Docker
- on Vercel
- locally
Docs are incomplete, come back later and there might be something here...