# One-Time Secret Manager API

This is a simple API for creating and managing one-time secrets. It allows users to securely share sensitive information by creating secrets that can only be viewed once before being automatically deleted.

## Features

- Create encrypted secrets with customizable expiration time
- Access secrets using a unique access key
- Automatic deletion of secrets after they are viewed
- Secrets expire automatically after the specified time
- Encrypted storage using strong cryptographic algorithms

## API Endpoints

### Create a New Secret

```
POST /api/v1/secrets/
```

**Request Body:**

```json
{
  "content": "Your secret message here",
  "ttl_hours": 24
}
```

`ttl_hours` is optional. The default is 24 hours and the maximum is 168 hours (7 days).

**Response:**

```json
{
  "access_key": "random_access_key",
  "expires_at": "2023-09-24T12:00:00.000000",
  "secret_url": "https://your-domain.com/api/v1/secrets/random_access_key"
}
```

### Retrieve a Secret

```
GET /api/v1/secrets/{access_key}
```

**Response:**

```json
{
  "content": "Your secret message here",
  "created_at": "2023-09-23T12:00:00.000000"
}
```

### Health Check

```
GET /health
```

**Response:**

```json
{
  "status": "healthy"
}
```

## Environment Variables

The application uses the following environment variables:

- `SECRET_KEY`: Secret key for encryption (required in production)
- `ALGORITHM`: JWT algorithm for tokens, default is "HS256"
- `ACCESS_TOKEN_EXPIRE_MINUTES`: Default token expiration time in minutes, default is 30

## Getting Started

### Prerequisites

- Python 3.8+
- SQLite

### Installation

1. Clone the repository:

   ```bash
   git clone https://github.com/yourusername/onetimesecretmanagerapi.git
   cd onetimesecretmanagerapi
   ```

2. Install dependencies:

   ```bash
   pip install -r requirements.txt
   ```

3. Set up the environment variables:

   ```bash
   export SECRET_KEY="your-secret-key"
   ```

4. Run database migrations:

   ```bash
   alembic upgrade head
   ```

5. Start the server:

   ```bash
   uvicorn main:app --reload
   ```

The API will be available at `http://localhost:8000`.

## Documentation

- API documentation is available at `/docs` when the server is running
- ReDoc documentation is available at `/redoc`

## Security Considerations

- All secrets are encrypted at rest
- The application uses strong cryptographic algorithms for encryption
- Secrets are automatically deleted after being viewed once
- Secrets expire automatically after the specified time

## License

This project is licensed under the MIT License - see the LICENSE file for details.
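
## Example: Atomic View-Once Retrieval

The view-once and expiry guarantees listed under Security Considerations only hold if the read and the delete happen as one step; otherwise two concurrent `GET` requests for the same access key can both receive the secret. The sketch below is an added example, not this project's code, showing one way to get that behaviour on SQLite with the standard library. The table layout, the function names and the lower TTL bound are assumptions, and `content` is treated as an opaque ciphertext blob (encryption itself is out of scope here).

```python
import secrets
import sqlite3
from datetime import datetime, timedelta, timezone

MAX_TTL_HOURS = 168  # 7-day ceiling stated for ttl_hours


def open_store(path=":memory:"):
    # isolation_level=None: no implicit transactions, we issue BEGIN/COMMIT ourselves.
    db = sqlite3.connect(path, isolation_level=None)
    db.execute(
        "CREATE TABLE IF NOT EXISTS secrets ("  # hypothetical schema
        "access_key TEXT PRIMARY KEY, content BLOB NOT NULL, "
        "created_at TEXT NOT NULL, expires_at TEXT NOT NULL)"
    )
    return db


def create_secret(db, ciphertext, ttl_hours=24, now=None):
    # Lower bound (> 0) is an assumption; the upper bound is from the README.
    if not 0 < ttl_hours <= MAX_TTL_HOURS:
        raise ValueError("ttl_hours must be in (0, 168]")
    now = now or datetime.now(timezone.utc)
    key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, URL-safe
    expires = now + timedelta(hours=ttl_hours)
    db.execute("INSERT INTO secrets VALUES (?, ?, ?, ?)",
               (key, ciphertext, now.isoformat(), expires.isoformat()))
    return key


def consume_secret(db, access_key, now=None):
    """Return the stored blob exactly once; None if unknown, already viewed or expired."""
    now = now or datetime.now(timezone.utc)
    # BEGIN IMMEDIATE takes the write lock before the SELECT, so a second
    # request for the same key waits and then finds the row already gone.
    db.execute("BEGIN IMMEDIATE")
    try:
        row = db.execute(
            "SELECT content, expires_at FROM secrets WHERE access_key = ?",
            (access_key,),
        ).fetchone()
        # Delete on every lookup: live rows are burned, expired rows are purged.
        db.execute("DELETE FROM secrets WHERE access_key = ?", (access_key,))
        db.execute("COMMIT")
    except Exception:
        db.execute("ROLLBACK")
        raise
    if row is None or datetime.fromisoformat(row[1]) <= now:
        return None  # same answer for all three cases, so callers learn nothing extra
    return row[0]
```

An HTTP handler built on this would map `None` to a single 404 response, so unknown, already-viewed and expired keys are indistinguishable to the caller.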