Keep your sensitive information out of chat logs, emails, and more with heavily encrypted secrets.

Overview
hemmelig

Free encrypted secret sharing for everyone!

This application is used to share encrypted secrets across organizations, or between private persons. Hemmelig truly cares about your privacy, and will do everything to keep it that way. I hope you enjoy the product.

SaaS

Hemmelig is available at https://hemmelig.app

How it works

You open https://hemmelig.app, write your sensitive information, set an expire time and an optional password, and click create a secret link. You share the secret link. The receiver opens the link, enters the optional password, and retrieves the sensitive information. When a secret link is created, it gets its own unique encryption key, which is not saved to the database and is only ever part of the URL. This means NO ONE can decrypt your secret without the encrypt(SECRET_MASTER_KEY + YOUR_UNIQUE_ENCRYPTION_KEY), and access to the Redis instance.

Features

  • Encrypted sensitive information sharing.
  • Encrypted attachments for signed-in users.
  • Optional password protection.
  • Optional IP address restriction.
  • The encryption key is part of the URL, and not saved to the database, for an extra layer of security.
  • Available as PWA, which means you can download it as an app for your device.
  • It will detect if the secret is base64 encoded, and add a button to convert it to plain text on read.
  • Self-hosted version. Keywords: Regulatory compliance.

Docker image

hemmeligapp/hemmelig:latest

Self-hosting

If you have to follow some sort of compliance and therefore have to self-host, Hemmelig is available as a Docker image. The following is the bare minimum needed to run the Docker image.

# To use this image you need a redis database enabled.
# Example:
#
# $ docker run -p 6379:6379 --name some-redis -d redis
#

# SECRET_MASTER_KEY has to be a secret key of 32 characters
docker run -p 3000:3000 -d --name=hemmelig \
    -e SECRET_MASTER_KEY=11111222223333344444555556666677 \
    -e SECRET_REDIS_HOST=127.0.0.1 \
    hemmeligapp/hemmelig:latest

Have a look at the Dockerfile for a full example of how to run this application.

Environment variables

  • SECRET_LOCAL_HOSTNAME Default: 0.0.0.0. - The local hostname for the fastify instance
  • SECRET_PORT Default: 3000. - The port number for the fastify instance
  • SECRET_HOST Default: "". - Used e.g. to set CORS to your domain name
  • SECRET_MASTER_KEY Default: 11111222223333344444555556666677 - Override this with your SECRET master key for encryption of your secrets
  • SECRET_REDIS_HOST Default: 0.0.0.0 - Override this with your Redis host address
  • SECRET_REDIS_PORT Default: 6379 - The redis port number
  • SECRET_REDIS_TLS Default: false - If the redis instance is using tls
  • SECRET_REDIS_USER Default: "" - Your Redis user name
  • SECRET_REDIS_PASSWORD Default: "" - Your redis password
  • SECRET_JWT_SECRET Default: good_luck_have_fun - Override this with the secret used to sign the JWT tokens for log in
  • SECRET_DO_SPACES_ENDPOINT Default: "" - The Spaces endpoint
  • SECRET_DO_SPACES_KEY Default: "" - The Spaces key
  • SECRET_DO_SPACES_SECRET Default: "" - The Spaces secret
  • SECRET_DO_SPACES_BUCKET Default: "" - The Spaces bucket name
  • SECRET_DO_SPACES_FOLDER Default: "" - The Spaces folder for uploading
  • SECRET_MAX_TEXT_SIZE Default: "256" - The max text size for the secret, in kb, e.g. 256 for 256kb.
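
The defaults listed above for SECRET_MASTER_KEY and SECRET_JWT_SECRET are published, so a self-hosted instance left on them is protected by values anyone can read. The following pre-flight check is an added example, not part of the Hemmelig project; the function names, the thresholds (8 distinct characters, 32-character JWT secret) and the rule that a non-local Redis needs a password and TLS are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the Hemmelig project.
# Pre-flight check for the SECRET_* variables documented above.
#
# Usage before `docker run` (an unset variable means the default is in effect):
#   check_hemmelig_env "$SECRET_MASTER_KEY" "$SECRET_JWT_SECRET" \
#       "${SECRET_REDIS_HOST:-0.0.0.0}" "$SECRET_REDIS_PASSWORD" \
#       "${SECRET_REDIS_TLS:-false}" || exit 1

DEFAULT_MASTER_KEY='11111222223333344444555556666677'   # documented default
DEFAULT_JWT_SECRET='good_luck_have_fun'                 # documented default
MIN_DISTINCT=8      # assumption: minimum distinct characters in the master key
MIN_JWT_LEN=32      # assumption: minimum length of the JWT signing secret

# Print a fresh 32-character key: 16 bytes from /dev/urandom, hex encoded.
gen_master_key() {
    od -An -tx1 -N16 /dev/urandom | tr -d ' \n'
}

# Print the number of distinct characters in the string given as $1.
distinct_chars() {
    printf '%s' "$1" | fold -w1 | sort -u | wc -l | tr -d ' '
}

# check_hemmelig_env MASTER_KEY JWT_SECRET REDIS_HOST REDIS_PASSWORD REDIS_TLS
# Prints one finding per line and returns the number of findings (0 = pass).
check_hemmelig_env() {
    ck_master=$1 ck_jwt=$2 ck_host=$3 ck_pass=$4 ck_tls=$5
    ck_n=0

    if [ -z "$ck_master" ] || [ "$ck_master" = "$DEFAULT_MASTER_KEY" ]; then
        echo "SECRET_MASTER_KEY: unset or still the documented default"
        ck_n=$((ck_n + 1))
    elif [ "${#ck_master}" -ne 32 ]; then
        echo "SECRET_MASTER_KEY: must be 32 characters, got ${#ck_master}"
        ck_n=$((ck_n + 1))
    elif [ "$(distinct_chars "$ck_master")" -lt "$MIN_DISTINCT" ]; then
        echo "SECRET_MASTER_KEY: too few distinct characters, looks hand-typed"
        ck_n=$((ck_n + 1))
    fi

    if [ -z "$ck_jwt" ] || [ "$ck_jwt" = "$DEFAULT_JWT_SECRET" ]; then
        echo "SECRET_JWT_SECRET: unset or still the documented default"
        ck_n=$((ck_n + 1))
    elif [ "${#ck_jwt}" -lt "$MIN_JWT_LEN" ]; then
        echo "SECRET_JWT_SECRET: shorter than $MIN_JWT_LEN characters"
        ck_n=$((ck_n + 1))
    fi

    # The stored secrets live in Redis, so a Redis reached over the network
    # should require a password and TLS.
    case "$ck_host" in
        127.*|localhost|::1|0.0.0.0) ;;   # treated as local (assumption)
        *)
            if [ -z "$ck_pass" ]; then
                echo "SECRET_REDIS_PASSWORD: empty for non-local host $ck_host"
                ck_n=$((ck_n + 1))
            fi
            if [ "$ck_tls" != "true" ]; then
                echo "SECRET_REDIS_TLS: not true for non-local host $ck_host"
                ck_n=$((ck_n + 1))
            fi
            ;;
    esac
    return "$ck_n"
}
```

A replacement key can be produced with SECRET_MASTER_KEY=$(gen_master_key) and passed to the container with -e in place of the documented default.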

Run locally

$ npm install

# Start the frontend
$ npm run client-dev
# http://0.0.0.0:8080

# Start the backend
$ npm run server-dev
# http://0.0.0.0:3000
Comments
  • Added automatic language detection + German translation

    Adding automatic detection was pretty easy. Currently, the site will get the browser language as first priority to decide the page's language. If the language is not found, it falls back to English. The selected language can be overridden by using a /en/ subpath in the URL if needed. I was not able to test this subpath somewhere other than the landing page, as well as how it's handled when being transferred to another subpage. There is currently no UI implementation for changing the display language manually.

    Adding more languages is now as easy as creating a new file public\locales\<language short code>\translation.json and entering the needed strings.

    I also wasn't able to set up an environment variable to change the fallback language. The variable itself is defined in config\default.cjs, but cannot be loaded into src\i18n.js for actual use. Maybe someone has an idea to solve this.

    Finally, I slightly adjusted the frontend webcode in src/client/components/header/index.js to allow more space for the Login and Sign Up buttons, since they were overlapping when using the longer, German terms. Maybe there's a way to dynamically adjust the width depending on string length.

    opened by RainerZufahl 8
  • feat: Translation support

    Hi, this is a basic i18next implementation, language has been set to English as default/fallback. Also added react Suspense and Mantine LoadingOverlay.

    PS: I think the copy/copied tooltip is not working

    opened by luismanson 7
  • fix for issue #4 feat: add PWA support, service-worker, masked icon

    Fix for Issue #4 : add PWA support, service-worker, masked icon

    Description

    • Update manifest to include masked icon for iOS and Android
    • Update index.html to add manifest
    • Add service-worker, using a Network First StaleWhileRevalidate policy
    • Add serviceWorkerRegistration helper to register service-worker in 'prod' environment

    Related Issue Fix #4

    @bjarneo the Hemmelig.app can now be used as a PWA, here are the details of the functionality that has been added:

    • Users will be able to see cached app in case of network connectivity failure
    • The Add to home screen prompt appears on Android devices (screenshot below from my testing)
    • Unfortunately, iPhones do not allow a prompt since Apple has restricted that behavior. However, users will still be able to click the Share button on 'Safari' and click add to Home Screen to add the PWA to their home screen.
    • Since the service-worker only kicks in in the production environment, I have deployed the UI on netlify at https://pwa.atchyut.dev and enabled SSL so that it can be tested via mobile devices and tablets. (Please Note: I will be deleting this deployment from Netlify once you test it from your end and are good with the functionality)

    Add to Home Screen Prompt on Android: WhatsApp Image 2022-10-02 at 9 00 13 PM

    hacktoberfest-accepted 
    opened by theonly1me 5
  • Fix for issue #125 Multiple users are able to sign up with the same email

    fix: prevent multiple users from registering via the same email id

    Description

    Previously multiple users could use the same email address to sign up. With this fix, an email can only be associated to a single user

    Related Issue

    Fix #125

    hacktoberfest-accepted 
    opened by theonly1me 4
  • Fix for issue #107: Leverage the redux state for sign in / out

    feat: leverage redux store to preserve the token on userLogin action) instead of having component level state

    Description

    Previously, the login token was handled in the component level state on sign-in and sign-up which was repeated logic and also the sign-in/sign-out has less flexibility due to the component level state. Now, the token is stored in the global redux store on sign-up/sign-in actions and users can be logged out from anywhere else within the application

    Related Issue

    Fix #107

    hacktoberfest-accepted 
    opened by theonly1me 3
  • Leverage the redux state for sign in / out

    Solve that the sign in and out will set and remove the token. Currently, this is done in the header, but if we like to sign out elsewhere as well we need to trigger the createToken in Redux.

    Hacktoberfest 
    opened by bjarneo 3
  • Updated strings to match with current version

    Copied and translated strings (and string order) from commit 220b291 to match with #90.

    Side Note: maybe we should have some kind of version system, so we can easily tell when string tables are outdated?

    opened by RainerZufahl 3
  • [DOCS] SECRET_DISABLE_USERS vs SECRET_USER_DISABLE=true

    Description

    In the README.md and in docker-compose.yml the environment variable SECRET_DISABLE_USERS is mentioned, but in reality SECRET_USER_DISABLE is the right setting.

    Additional information

    No response

    documentation 
    opened by ITSNOTSTUPIDIFITWORKS 2
  • chore(deps): bump loader-utils and react-scripts

    Bumps loader-utils to 2.0.3 and updates ancestor dependency react-scripts. These dependencies need to be updated together.

    Updates loader-utils from 1.2.3 to 2.0.3

    Release notes

    Sourced from loader-utils's releases.

    v2.0.3

    2.0.3 (2022-10-20)

    Bug Fixes

    • security: prototype pollution exploit (#217) (a93cf6f)

    v2.0.2

    2.0.2 (2021-11-04)

    Bug Fixes

    • base64 generation and unicode characters (#197) (8c2d24e)

    v2.0.1

    2.0.1 (2021-10-29)

    Bug Fixes

    v2.0.0

    2.0.0 (2020-03-17)

    ⚠ BREAKING CHANGES

    • minimum required Node.js version is 8.9.0 (#166) (c937e8c)
    • the getOptions method returns empty object on empty query (#167) (b595cfb)
    • Use md4 by default

    v1.4.1

    1.4.1 (2022-11-07)

    Bug Fixes

    v1.4.0

    1.4.0 (2020-02-19)

    Features

    • the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

    ... (truncated)

    Changelog

    Sourced from loader-utils's changelog.

    2.0.3 (2022-10-20)

    Bug Fixes

    • security: prototype pollution exploit (#217) (a93cf6f)

    2.0.2 (2021-11-04)

    Bug Fixes

    • base64 generation and unicode characters (#197) (8c2d24e)

    2.0.1 (2021-10-29)

    Bug Fixes

    2.0.0 (2020-03-17)

    ⚠ BREAKING CHANGES

    • minimum required Node.js version is 8.9.0 (#166) (c937e8c)
    • the getOptions method returns empty object on empty query (#167) (b595cfb)
    • Use md4 by default

    1.4.0 (2020-02-19)

    Features

    • the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

    1.3.0 (2020-02-19)

    Features

    • support the [query] template for the interpolatedName method (#162) (469eeba)

    ... (truncated)

    Commits

    Updates react-scripts from 4.0.3 to 5.0.1

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 2
  • Cleanup: delete and ignore temporary OS files (.DS_Store)

    A .DS_Store file is a specific temporary local file, generated by Mac OSX, containing specific settings for a local setup. It is common practice to prevent them from being pushed into the VCS.

    To be on the safe side, I added some typical os generated files into the existing gitignore

    hacktoberfest-accepted 
    opened by jodaAtGithub 2
  • chore(deps): bump shell-quote and react-scripts

    Bumps shell-quote to 1.7.4 and updates ancestor dependency react-scripts. These dependencies need to be updated together.

    Updates shell-quote from 1.7.2 to 1.7.4

    Changelog

    Sourced from shell-quote's changelog.

    v1.7.4 - 2022-10-12

    Merged

    Commits

    • [eslint] fix indentation and whitespace aaa9d1f
    • [eslint] additional cleanup 397cb62
    • [meta] add auto-changelog 497fca5
    • [actions] add reusable workflows 4763c36
    • [eslint] add eslint 6ee1437
    • [readme] rename, add badges 7eb5134
    • [meta] update URLs 67381b6
    • [meta] create FUNDING.yml; add funding in package.json 8641572
    • [meta] use npmignore to autogenerate an npmignore file 2e2007a
    • Only apps should have lockfiles f97411e
    • [Dev Deps] update tape 051f608
    • [meta] add safe-publish-latest 18cadf9
    • [Tests] add aud in posttest dc1cc12

    1.7.3

    • Fix a security issue where the regex for windows drive letters allowed some shell meta-characters to escape the quoting rules. (CVE-2021-42740)
    Commits
    • 5409e72 v1.7.4
    • 4763c36 [actions] add reusable workflows
    • 8641572 [meta] create FUNDING.yml; add funding in package.json
    • 497fca5 [meta] add auto-changelog
    • 7eb5134 [readme] rename, add badges
    • 67381b6 [meta] update URLs
    • 2e2007a [meta] use npmignore to autogenerate an npmignore file
    • 18cadf9 [meta] add safe-publish-latest
    • 397cb62 [eslint] additional cleanup
    • aaa9d1f [eslint] fix indentation and whitespace
    • Additional commits viewable in compare view
    Maintainer changes

    This version was pushed to npm by ljharb, a new releaser for shell-quote since your current version.


    Updates react-scripts from 4.0.3 to 5.0.1

    Commits

    dependencies 
    opened by dependabot[bot] 2
  • chore(deps): bump json5 and react-scripts

    Bumps json5 to 2.2.3 and updates ancestor dependency react-scripts. These dependencies need to be updated together.

    Updates json5 from 2.2.1 to 2.2.3

    Release notes

    Sourced from json5's releases.

    v2.2.3

    v2.2.2

    • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).
    Changelog

    Sourced from json5's changelog.

    v2.2.3 [code, diff]

    v2.2.2 [code, diff]

    • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).
    Commits
    • c3a7524 2.2.3
    • 94fd06d docs: update CHANGELOG for v2.2.3
    • 3b8cebf docs(security): use GitHub security advisories
    • f0fd9e1 docs: publish a security policy
    • 6a91a05 docs(template): bug -> bug report
    • 14f8cb1 2.2.2
    • 10cc7ca docs: update CHANGELOG for v2.2.2
    • 7774c10 fix: add proto to objects and arrays
    • edde30a Readme: slight tweak to intro
    • 97286f8 Improve example in readme
    • Additional commits viewable in compare view

    Updates react-scripts from 4.0.3 to 5.0.1

    Commits

    dependencies 
    opened by dependabot[bot] 1
  • Is this project dead? No!

    What would you like to share?

    You might think this project is dead, as the contribution from my part is not that much these days. However, that is because I am spending my time learning other tech, management, and what not. Will prioritize time to work more on this project in 2023.

    If you are curious about the next steps for this project, please have a look at the previous issues.

    Stay tuned. Thanks.

    opened by bjarneo 0
  • chore(deps): bump minimatch and react-scripts

    Bumps minimatch to 3.1.2 and updates ancestor dependency react-scripts. These dependencies need to be updated together.

    Updates minimatch from 3.0.4 to 3.1.2

    Commits

    Updates react-scripts from 4.0.3 to 5.0.1

    Commits

    dependencies 
    opened by dependabot[bot] 1
  • Password not recognised  from password manager

    Description

    Hi. Signed up using a password manager and managed to sign in with the details. When I tried on another device, the password was not recognised. Went back to the original device, refused; also cannot see a reset button?

    Additional information

    No response

    bug 
    opened by thorrrr 1
  • chore(deps): bump loader-utils and react-scripts

    Bumps loader-utils to 2.0.4 and updates ancestor dependency react-scripts. These dependencies need to be updated together.

    Updates loader-utils from 1.2.3 to 2.0.4

    Release notes

    Sourced from loader-utils's releases.

    v2.0.4

    2.0.4 (2022-11-11)

    Bug Fixes

    v2.0.3

    2.0.3 (2022-10-20)

    Bug Fixes

    • security: prototype pollution exploit (#217) (a93cf6f)

    v2.0.2

    2.0.2 (2021-11-04)

    Bug Fixes

    • base64 generation and unicode characters (#197) (8c2d24e)

    v2.0.1

    2.0.1 (2021-10-29)

    Bug Fixes

    v2.0.0

    2.0.0 (2020-03-17)

    ⚠ BREAKING CHANGES

    • minimum required Node.js version is 8.9.0 (#166) (c937e8c)
    • the getOptions method returns empty object on empty query (#167) (b595cfb)
    • Use md4 by default

    v1.4.2

    1.4.2 (2022-11-11)

    Bug Fixes

    ... (truncated)

    Changelog

    Sourced from loader-utils's changelog.

    2.0.4 (2022-11-11)

    Bug Fixes

    2.0.3 (2022-10-20)

    Bug Fixes

    • security: prototype pollution exploit (#217) (a93cf6f)

    2.0.2 (2021-11-04)

    Bug Fixes

    • base64 generation and unicode characters (#197) (8c2d24e)

    2.0.1 (2021-10-29)

    Bug Fixes

    2.0.0 (2020-03-17)

    ⚠ BREAKING CHANGES

    • minimum required Node.js version is 8.9.0 (#166) (c937e8c)
    • the getOptions method returns empty object on empty query (#167) (b595cfb)
    • Use md4 by default

    1.4.0 (2020-02-19)

    Features

    • the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

    1.3.0 (2020-02-19)

    ... (truncated)

    Commits

    Updates react-scripts from 4.0.3 to 5.0.1

    Commits

    dependencies 
    opened by dependabot[bot] 1
Releases(v4.2.0)
  • v4.2.0(Jan 2, 2023)

    What's Changed

    • Spanish translation by @luismanson in https://github.com/HemmeligOrg/Hemmelig.app/pull/90
    • Added automatic language detection + German translation by @RainerZufahl in https://github.com/HemmeligOrg/Hemmelig.app/pull/88
    • UI fixes by @RainerZufahl in https://github.com/HemmeligOrg/Hemmelig.app/pull/100
    • Updated strings to match with current version by @RainerZufahl in https://github.com/HemmeligOrg/Hemmelig.app/pull/101
    • fix for issue #4 feat: add PWA support, service-worker, masked icon by @theonly1me in https://github.com/HemmeligOrg/Hemmelig.app/pull/109
    • docs: #110 Add contributors badge to the README by @bjarneo in https://github.com/HemmeligOrg/Hemmelig.app/pull/111
    • fix: change the views text, and and views left feature by @bjarneo in https://github.com/HemmeligOrg/Hemmelig.app/pull/112
    • fix: make the prevent burn logic work by @bjarneo in https://github.com/HemmeligOrg/Hemmelig.app/pull/113
    • security: make the user verify their password before being able to change it by @bjarneo in https://github.com/HemmeligOrg/Hemmelig.app/pull/115
    • Leverage the useForm everywhere-Signin,Signup,Secret-creation [fixes #118] by @najeebkp in https://github.com/HemmeligOrg/Hemmelig.app/pull/119
    • :zap: added confirm password field by @PranjalAgni in https://github.com/HemmeligOrg/Hemmelig.app/pull/120
    • Use correct env variable in README.md by @casperklein in https://github.com/HemmeligOrg/Hemmelig.app/pull/121
    • Add docker-compose.yml by @casperklein in https://github.com/HemmeligOrg/Hemmelig.app/pull/123
    • Fix for issue #107: Leverage the redux state for sign in / out by @theonly1me in https://github.com/HemmeligOrg/Hemmelig.app/pull/124
    • Fix for issue #125 Multiple users are able to sign up with the same email by @theonly1me in https://github.com/HemmeligOrg/Hemmelig.app/pull/126
    • Feature: Link to QR code Functionality Added. by @SankalpaFernando in https://github.com/HemmeligOrg/Hemmelig.app/pull/128
    • feat: added issue template by @bhattabhi013 in https://github.com/HemmeligOrg/Hemmelig.app/pull/135
    • feat: add cli support by @bjarneo in https://github.com/HemmeligOrg/Hemmelig.app/pull/136
    • Cleanup: delete and ignore temporary OS files (.DS_Store) by @jodaAtGithub in https://github.com/HemmeligOrg/Hemmelig.app/pull/139
    • chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2 by @dependabot in https://github.com/HemmeligOrg/Hemmelig.app/pull/145
    • chore(deps): bump jsonwebtoken and fastify-jwt by @dependabot in https://github.com/HemmeligOrg/Hemmelig.app/pull/149
    • chore(deps): bump fastify from 4.9.1 to 4.10.2 by @dependabot in https://github.com/HemmeligOrg/Hemmelig.app/pull/143

    New Contributors

    • @luismanson made their first contribution in https://github.com/HemmeligOrg/Hemmelig.app/pull/90
    • @RainerZufahl made their first contribution in https://github.com/HemmeligOrg/Hemmelig.app/pull/88
    • @theonly1me made their first contribution in https://github.com/HemmeligOrg/Hemmelig.app/pull/109
    • @najeebkp made their first contribution in https://github.com/HemmeligOrg/Hemmelig.app/pull/119
    • @PranjalAgni made their first contribution in https://github.com/HemmeligOrg/Hemmelig.app/pull/120
    • @casperklein made their first contribution in https://github.com/HemmeligOrg/Hemmelig.app/pull/121
    • @SankalpaFernando made their first contribution in https://github.com/HemmeligOrg/Hemmelig.app/pull/128
    • @bhattabhi013 made their first contribution in https://github.com/HemmeligOrg/Hemmelig.app/pull/135
    • @jodaAtGithub made their first contribution in https://github.com/HemmeligOrg/Hemmelig.app/pull/139

    Full Changelog: https://github.com/HemmeligOrg/Hemmelig.app/compare/v4.1.0...v4.2.0
  • v4.1.0(Sep 9, 2022)

    Features

    • When files are uploaded, they will be zipped in the browser, encrypted, and posted to the server. This means the download will be a zip file instead of x files.
    • Make it possible to deactivate user registration for your self-hosted instance.

    • 27fc1d1 - docs: update documentation
    • 976807b - chore: change the loading overlay a bit
    • 85b44f9 - chore: remove wrongly added dependencies
    • 6819962 - feat: zip the files, encrypt the zip file, upload
    • c91e199 - chore: add code owners file
    • b061286 - fix: remove the complaint about not adding the form element
    • 7ab2ca1 - feat: make it possible to disable user registration

  • v4.0.0(Sep 7, 2022)

    v4.0.0

    This is a breaking release: once you run this version, you can no longer access old secrets that are still in your Redis instance, and you can't decrypt the files. From this release on, the information is encrypted in the browser, and the encrypted content is posted to the backend.

    • f83be9f - chore: update error message
    • 8fc86be - chore: remove unused encryption key
    • 73b18af - chore: adjust the secret id key generation
    • d1d8070 - Revert "chore: remove keygen code which is not in use anymore"
    • 491befd - chore: remove keygen code which is not in use anymore
    • 82db779 - docs: remove master key from the example
    • e9cf3cf - docs: update
    • 361b970 - chore: fix code smells
    • ff71855 - fix: secret id variable
    • e51c624 - chore: encrypt the title
    • 9a1a84c - feat: add file encryption on the client side
    • 92ae5ce - feat: add client encryption and decryption of the text input
    • bb0202a - docs: update the encryption and gotchas
    • 74c4ee3 - fix: validate if the secret id does exist
    • 6f2e0b3 - chore: remove comment which is not valid
    • 54bc55c - fix: check if the incoming secret id from the download files is valid
    • e50d0e8 - chore: add i18n packages

  • v3.8.1(Sep 6, 2022)

    50bdfac - fix: check certain fields so it is possible to use curl without defining every form element

    Full Changelog: https://github.com/HemmeligOrg/Hemmelig.app/compare/v3.8.0...v3.9.0

  • v3.8.0(Sep 1, 2022)

    • 6669340 - chore: remove compress and let the reverse proxy handle it
    • 69440ef - chore: set max file informational error message
    • 80a11d4 - feat: allow multiple uploads
    • 015ccb8 - feat: allow all kinds of files
    • 5a767f0 - feat: CIDR is now allowed to use in the ip field (
    • 8ed01cb - chore: remove unused dependency
    • 8d79ddd - chore: allow .txt .svg .md and so on

  • v3.7.0(Aug 30, 2022)

    • 6558a15 - docs: add more features
    • a6cb9aa - chore: change the stats route
    • ba3055f - feat: add a stats endpoint
    • ae77ab1 - fix: a bug where files are deleted before they are downloaded
    • 1553383 - feat: set a loader to the secret creation button
    • 45d4fdd - chore: shorten the text
    • 133755d - feat: add max views per secret
    • ffd1aa9 - fix: disable crossOriginEmbedderPolicy to allow fetching fonts
    • 905c590 - fix: the es6 path __dirname bug
    • a5ec0dd - chore: update fastify to newest version
    • 9865618 - chore: refactor the application to use es6 import and exports
    • f2510be - chore: do not run certain workflows if readme files and the .github folder updates
    • 7952b56 - fix: lowercase the docker image tag
    • 3a3a6cb - security: scan the docker image
    • b18139a - chore: rename the build name
    • 395abc7 - security: add github repository scan with trivy

  • v3.6.0(Aug 25, 2022)

    • 14c9c39 - fix: reset the enable password on new secret
    • f9c0b0e - style: add mobile css workaround for the secret creation layout
    • c5975c2 - chore: change the layout and position for the share button
    • 4e1b3a4 - fix: embarrasing bug
    • 415cb56 - feat: add share of the url
    • 075e6f3 - security: set the max file size to the multipart middleware
    • bdb0984 - chore: make more use of the redux sign in
    • be76006 - chore: remove unused func
    • 3698ae0 - security: make the password part of the encryption and decryption key if it is defined
    • 24904cb - chore: remove the basic auth logic which is not used
    • 88b683d - chore: run the owasp zap once a day
    • 811d9a1 - fix: typo
    • 6443dd4 - fix(code-smell): declare getRandomADjective as a const
    • fb32da7 - fix(code-smell): isLoggedIn does not need to use useState
    • ec60744 - fix(code-smell): do not assign the upload to a variable and wrap it in a try catch
    • cfb468e - chore: let non account users download files
    • 55d0160 - security: remove the LFI hack, and change the approach of how a file is uploaded
    • e0f7a1e - Revert "security: update the LFI check to sanitize the filename before passing it to the folder check"
    • 9827b9a - security: update the LFI check to sanitize the filename before passing it to the folder check
    • 7e45d84 - security: prevent LFI if the disk adapter is being used
    • f8754fb - docs: update the DO env vars with s3 to the explanation
    • 396eb98 - feat: set an env variable to override the file size allowed to be uploaded

  • v3.5.1(Aug 23, 2022)

  • v3.5.0(Aug 23, 2022)

    • f8deec7 - chore: update the desktop image
    • d372aa6 - chore: adjust the footer
    • 6c46099 - chore: adjust the header
    • 9ed0f23 - feat: improve the ux for the secret page
    • fadeccc - feat: improve the ux for the landing page
    • d9ed61f - chore: change the color for the upload and download button
    • 21df649 - feat: add file adapter to choose between services
    • 0a44b2e - docs: update account details
    • 6168a81 - docs: update docker readme
    • dea0764 - feat: add weekly docker image build
    • 43e1bd2 - chore: change from never expire to 14 and 28 days
    • f4ec83c - feat: do not burn the file if the preventBurn flag is set to true
    • 657db08 - fix: a bug where file is always an object, which makes it not possible to create secrets
    • 0b7254b - security: the user has to be signed in to download files
    • cd79333 - security: change so you cant bypass the file type that easily
    • 28f9e50 - fix: add the pretty bytes packages to get the correct error message
    • 0fdef6f - chore: set max file size to 8mb
    • a846da9 - infrastructure: publish the bleeding edge main branch to dockerhub on each push to main
    • 32a3e97 - chore: change the icon size to 14
    • 9a46157 - feat: make it possible to update the user data
    • ed99d48 - chore: remove copy and pasted text

    Full Changelog: https://github.com/HemmeligOrg/Hemmelig.app/compare/v3.4.0...v3.5.0

  • v3.4.0(Aug 21, 2022)

  • v3.3.0(Aug 21, 2022)

    • 81b5c37 - docs: add terms and condition
    • ddbdb01 - feat: allow more file types to upload

    Full Changelog: https://github.com/HemmeligOrg/Hemmelig.app/compare/v3.2.1...v3.3.0

  • v3.2.1(Aug 20, 2022)

  • v3.2.0(Aug 20, 2022)

  • v3.1.0(Aug 20, 2022)

    • 9257910 - feat: add optional title
    • cf35fac - feat: change the delete profile to a modal
    • 9f99ba7 - chore: wrap the emoji to solve the a11y issue
    • 7de8675 - feat: make it possible to delete the user profile
    • 0d6c437 - docs: update the privacy page
    • 39845d0 - feat: add cloudflare and cloudfront client ip to the check

    Full Changelog: https://github.com/HemmeligOrg/Hemmelig.app/compare/v3.0.0...v3.1.0

  • v3.0.0(Aug 19, 2022)

    This is a major release because it changes how we do encryption: it moves from a home-brewed solution to TweetNaCl.

    IMPORTANT: This release will break your current secrets, so do not update until you have cleared the database, unless you do not care about the secrets already created.

    Changes:

    • feat: push the docker image to dockerhub as a tag as well
    • security: change from own crypto to use tweetnacl
    • fix: how we handle the sign up error handling
    • chore: increase password length, and add symbols to the mix
    • chore: remove unused function
    • feat: add copy button to the password field
    • chore: remove unused is logged in state

  • v2.0.0(Aug 18, 2022)

    This is the first of many releases of version 2

    What's Changed

    • Bump fastify-multipart from 4.0.7 to 5.3.1 by @dependabot in https://github.com/HemmeligOrg/Hemmelig.app/pull/45
    • Bump validator from 13.6.0 to 13.7.0 by @dependabot in https://github.com/HemmeligOrg/Hemmelig.app/pull/46
    • Bump follow-redirects from 1.14.5 to 1.14.8 by @dependabot in https://github.com/HemmeligOrg/Hemmelig.app/pull/48
    • Bump nanoid from 3.1.23 to 3.1.31 by @dependabot in https://github.com/HemmeligOrg/Hemmelig.app/pull/47
    • Bump url-parse from 1.5.3 to 1.5.7 by @dependabot in https://github.com/HemmeligOrg/Hemmelig.app/pull/49
    • Bump url-parse from 1.5.7 to 1.5.10 by @dependabot in https://github.com/HemmeligOrg/Hemmelig.app/pull/50
    • Bump minimist from 1.2.5 to 1.2.6 by @dependabot in https://github.com/HemmeligOrg/Hemmelig.app/pull/52
    • security: run the DAST for every push to main by @bjarneo in https://github.com/HemmeligOrg/Hemmelig.app/pull/54
    • build(deps): bump async from 2.6.3 to 2.6.4 by @dependabot in https://github.com/HemmeligOrg/Hemmelig.app/pull/53
    • build(deps): bump eventsource from 1.1.0 to 1.1.1 by @dependabot in https://github.com/HemmeligOrg/Hemmelig.app/pull/57
    • build(deps): bump file-type from 16.5.0 to 16.5.4 by @dependabot in https://github.com/HemmeligOrg/Hemmelig.app/pull/59
    • build(deps): bump terser from 4.8.0 to 4.8.1 by @dependabot in https://github.com/HemmeligOrg/Hemmelig.app/pull/58
    • feat: refactor and use mantine with darkmode by @bjarneo in https://github.com/HemmeligOrg/Hemmelig.app/pull/60

    New Contributors

    • @dependabot made their first contribution in https://github.com/HemmeligOrg/Hemmelig.app/pull/45

    Full Changelog: https://github.com/HemmeligOrg/Hemmelig.app/compare/v1.9.0...v2.0.0

  • v1.9.0(Dec 14, 2021)

    What's Changed

    • feat: generate random password checkbox by @bjarneo in https://github.com/HemmeligOrg/Hemmelig.app/pull/43
    • feat: add never expire TTL by @bjarneo in https://github.com/HemmeligOrg/Hemmelig.app/pull/44

    Full Changelog: https://github.com/HemmeligOrg/Hemmelig.app/compare/v1.8.5...v1.9.0

  • v1.8.5(Nov 2, 2021)

  • v1.8.4(Nov 2, 2021)

    What's Changed

    • chore: add env file
    • fix: ignore scripts such as prepare for husky on production build
    • security: change the burn endpoint to post to prevent CSRF
    • feat: add checkbox to disable burn of a secret before expiration date
    • chore: disable file upload field if not active from the server
    • chore: increase the default secret textarea height
    • chore: run prettier
    • fix: update dependencies and eslint errors
    • Implement redux by @TaneliR in https://github.com/HemmeligOrg/Hemmelig.app/pull/42

    New Contributors

    • @TaneliR made their first contribution in https://github.com/HemmeligOrg/Hemmelig.app/pull/42
  • v1.8.0(Oct 2, 2021)

  • v1.7.0(Oct 1, 2021)

    • Reset the form data to allow the user to post new secrets #33
    • Add secrets created statistics #32
    • Remove the expansion of the textarea #31
  • v1.6.1(Sep 1, 2021)

  • v1.6.0(Jul 9, 2021)

    Crypto update: https://github.com/HemmeligOrg/Hemmelig.app/commit/43ec153d0bec9855fe4a4839f1267783469a7c59

    This release also goes from Preact to React. The reason is that preact/compat does not work for all libraries. This is pain.

  • v1.5.0(Jul 2, 2021)

    The main focus of this release is to enable users to upload an image. This requires the users to sign in. Email is required.

    The other change: if the secret is a base64-encoded string, the frontend detects this and adds a button to convert it to plain text.

  • v1.4.0(Jun 24, 2021)

    This release stores secrets more securely. Unlocking a secret now requires a unique key that is part of the URL. From the README:

    You enter https://hemmelig.app, write your sensitive information, expire time, optional password, and click create a secret link. You share the secret link. The receiver of the link opens it, writes the optional password, and retrieves the sensitive information. When a secret link is created, it gets its unique encryption key that is not saved to the database and only will be part of the URL. This means NO ONE can decrypt your secret without the hash(SECRET_MASTER_KEY + YOUR_UNIQUE_ENCRYPTION_KEY), and access to the Redis instance.

  • v1.3.3(Jun 23, 2021)

  • v1.3.2(Jun 22, 2021)

  • v1.3.0(Jun 21, 2021)

Owner
Hemmelig
Paste a password, secret message, or private information. Keep your sensitive information out of chat logs, emails, SMS, and more.