One-Time Secret Sharing Service
A secure API backend for a one-time secret sharing service built with FastAPI and SQLite.
Features
- Create and share secrets securely
- Secrets can only be viewed once
- Automatic deletion after viewing or expiration
- Customizable time-to-live (TTL) for secrets
- Background cleanup of expired secrets
- Encrypted storage of secrets
API Endpoints
Health Check
GET /health
Returns the health status of the API and database connection.
Create a Secret
POST /api/v1/secrets
Create a new secret and get a token to access it.
Request Body:
{
"content": "Your secret message here",
"ttl_hours": 24 // Optional, defaults to 24 hours
}
Response:
{
"token": "unique-token-id",
"expires_at": "2023-07-28T10:00:00.000Z",
"message": "Secret stored successfully"
}
Retrieve a Secret
GET /api/v1/secrets/{token}
Retrieve a secret using its token. The secret is deleted immediately after retrieval.
Response:
{
"content": "Your secret message here",
"message": "Secret retrieved successfully"
}
Error Responses:
404 Not Found- Secret not found, already viewed, or expired
Setup and Installation
Prerequisites
- Python 3.8+
- SQLite
Environment Variables
The application uses the following environment variables:
SECRET_KEY: Secret key for encryption (defaults to "development_secret_key" in development)
Environment Detection
The application automatically detects the environment it's running in:
- In local development, it uses the project directory for database storage
- In container deployment, it uses the
/app/storage/dbdirectory - Database permissions are automatically set to ensure write access
Installation
- Clone the repository
- Create a virtual environment and activate it:
python -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate - Install dependencies:
pip install -r requirements.txt
Database Setup
Run Alembic migrations to set up the database:
alembic upgrade head
The SQLite database will be created automatically in the storage/db directory with the proper permissions. The application will ensure that both the directory and the database file have appropriate write permissions.
Running the Application
Start the application with uvicorn:
uvicorn main:app --host 0.0.0.0 --port 8000 --reload
The API will be available at http://localhost:8000.
- API Documentation:
http://localhost:8000/docs - ReDoc Documentation:
http://localhost:8000/redoc - OpenAPI Specification:
http://localhost:8000/openapi.json
Security Considerations
- Secrets are encrypted before storage
- Secrets are automatically deleted after viewing
- Expired secrets are cleaned up regularly
- The service uses a TTL (time-to-live) mechanism to ensure secrets don't persist indefinitely
Development
Project Structure
.
├── alembic.ini # Alembic configuration
├── app/ # Application code
│ ├── api/ # API endpoints
│ │ └── routes/ # Route definitions
│ ├── core/ # Core application code
│ │ └── config.py # Application configuration
│ ├── db/ # Database related code
│ │ └── session.py # Database session setup
│ ├── models/ # SQLAlchemy models
│ │ ├── base.py # Base model
│ │ └── secret.py # Secret model
│ ├── schemas/ # Pydantic schemas
│ │ └── secret.py # Secret schemas
│ └── services/ # Business logic
│ ├── encryption.py # Encryption service
│ └── secret_service.py # Secret service
├── main.py # Application entry point
├── migrations/ # Alembic migrations
│ └── versions/ # Migration scripts
├── README.md # This file
└── requirements.txt # Python dependencies