One-Time Secret Manager API

This is a simple API for creating and managing one-time secrets. It allows users to securely share sensitive information by creating secrets that can only be viewed once before being automatically deleted.

Features

  • Create encrypted secrets with customizable expiration time
  • Access secrets using a unique access key
  • Automatic deletion of secrets after they are viewed
  • Secrets expire automatically after the specified time
  • Encrypted storage using strong cryptographic algorithms

API Endpoints

Create a New Secret

POST /api/v1/secrets/

Request Body (ttl_hours is optional; the default is 24 hours and the maximum is 168 hours, i.e. 7 days):

{
  "content": "Your secret message here",
  "ttl_hours": 24
}

Response:

{
  "access_key": "random_access_key",
  "expires_at": "2023-09-24T12:00:00.000000",
  "secret_url": "https://your-domain.com/api/v1/secrets/random_access_key"
}

Retrieve a Secret

GET /api/v1/secrets/{access_key}

Response:

{
  "content": "Your secret message here",
  "created_at": "2023-09-23T12:00:00.000000"
}

Health Check

GET /health

Response:

{
  "status": "healthy"
}

Environment Variables

The application uses the following environment variables:

  • SECRET_KEY: Secret key for encryption (required in production)
  • ALGORITHM: JWT algorithm for tokens, default is "HS256"
  • ACCESS_TOKEN_EXPIRE_MINUTES: Default token expiration time in minutes, default is 30

Getting Started

Prerequisites

  • Python 3.8+
  • SQLite

Installation

  1. Clone the repository:
     git clone https://github.com/yourusername/onetimesecretmanagerapi.git
     cd onetimesecretmanagerapi
  2. Install dependencies:
     pip install -r requirements.txt
  3. Set up the environment variables:
     export SECRET_KEY="your-secret-key"
  4. Run database migrations:
     alembic upgrade head
  5. Start the server:
     uvicorn main:app --reload

The API will be available at http://localhost:8000.

Documentation

  • API documentation is available at /docs when the server is running
  • Redoc documentation is available at /redoc

Security Considerations

  • All secrets are encrypted at rest
  • The application uses strong cryptographic algorithms for encryption
  • Secrets are automatically deleted after being viewed once
  • Secrets expire automatically after the specified time

License

This project is licensed under the MIT License - see the LICENSE file for details.
