A secure one-time secret sharing application built with Go (Echo) and Vue.js.
- Secure Secret Storage: Secrets are encrypted using AES-256 encryption before storage
- One-Time Access: Secrets are automatically destroyed after being viewed once
- File Upload Support: Upload files along with text secrets
- Expiration: Set expiration times from 1 hour to 7 days
- Automatic Cleanup: Expired secrets are automatically deleted
- Modern UI: Toast notifications, dark/light theme support with system preference detection
- Single Binary: Frontend files can be embedded into the Go binary for easy deployment
- Go 1.24+ with Echo web framework
- SQLite database
- AES-256 encryption for secrets and files
- Vue.js 3 with Vue Router
- TailwindCSS for styling
- Vite for build tooling
.
├── main.go # Application entry point
├── database.go # Database models and operations
├── encryption.go # Encryption utilities
├── handlers.go # HTTP request handlers
├── go.mod # Go dependencies
├── web/ # Frontend Vue.js application
│ ├── src/
│ │ ├── views/ # Vue components/pages
│ │ ├── router/ # Vue Router configuration
│ │ ├── api/ # API client
│ │ └── main.js # Vue app entry point
│ ├── package.json # Node.js dependencies
│ └── vite.config.js # Vite configuration
└── README.md
- Go 1.24 or higher
- Node.js 22+ and npm
- Install Go dependencies:
go mod download- Set environment variables (optional):
export ENCRYPTION_KEY="your-32-byte-encryption-key-here"
export PORT="8080"
export BASE_URL="http://localhost:8080"Important: In production, set ENCRYPTION_KEY to a secure random 32-byte string. Never use the default key in production!
- Run the backend:
go run .The backend will start on port 8080 by default (or the port specified in PORT environment variable).
- Navigate to the web directory:
cd web- Install dependencies:
npm install- Build the frontend:
npm run build- For development (with hot reload):
npm run devThe frontend dev server will start on port 3000 and proxy API requests to the backend.
- Start the backend server (see Backend Setup above)
- Build and serve the frontend (see Frontend Setup above)
- Open your browser to
http://localhost:8080(or the configured port) - Enter your secret text and/or upload a file
- Select an expiration time
- Click "Get Your Secret URL"
- Share the generated URL with the recipient
- Once the URL is accessed, the secret is destroyed forever
GET /api/- API health checkPOST /api/store- Store a new secret (multipart/form-data)GET /api/secret/:slug- Get secret metadata (without revealing content)GET /api/load/:slug- Load and destroy secret (reveals content)GET /api/destroy/:slug- Destroy secret without revealing content
The application uses SQLite with a single secrets table. The database file (onetime.db) is created automatically on first run.
- Secrets are encrypted using AES-256-CFB before storage
- Secrets are deleted immediately after being viewed
- Expired secrets are automatically cleaned up every minute
- File uploads are limited to 10MB
- Only specific file types are allowed
- Terminal 1 - Backend:
go run .- Terminal 2 - Frontend (with hot reload):
cd web
npm run devAccess the application at http://localhost:3000 (frontend dev server proxies to backend).
The application supports embedding frontend files directly into the Go binary for production deployments.
- Build the frontend and Go binary:
# Linux/Mac
./build.sh
# Windows
build.batOr manually:
# Build frontend
cd web
npm install
npm run build
cd ..
# Build Go binary with embedded frontend
go build -tags=!dev -o onetime .- Run the production binary:
./onetime # Linux/Mac
# or
onetime.exe # WindowsNote: When building with -tags=!dev, the frontend files are embedded into the binary using Go's embed.FS. For development, build without tags (or with -tags=dev) to serve files from the local filesystem.
See LICENSE file in the legacy application directory.