Pass-along

The main application uses port 8080.

/healthz and /metrics endpoints uses port 8888.

Server config

The following config can be set via environment variables

Tables	Required	Default
SERVER_SALT	x
DATABASE_TYPE		in-memory
REDIS_SERVER		localhost
REDIS_PORT		6379
SERVER_PORT		8080
HEALTH_PORT		8888
LOG_LEVEL		info
VALID_FOR_OPTIONS		3600,7200,43200,86400
MAX_SECRET_BYTES		10485760
MAX_FILES		20
MAX_FILE_SIZE_BYTES		104857600
ENABLE_HSTS		false
HSTS_MAX_AGE_SECONDS		31536000

SERVER_SALT

Required. Must be at least 32 characters and high entropy. This value is used as server-side secret material for key derivation.

DATABASE_TYPE

Can either be in-memory or redis.

REDIS_SERVER

Address to your redis server.

REDIS_PORT

Used to specify the port your redis server is using.

SERVER_PORT

Listen port for api and ui endpoint.

HEALTH_PORT

Listen port for health endpoint, used mainly for liveness probes.

LOG_LEVEL

Used to specify loglevels, valid values are: debug, info, warn and error

VALID_FOR_OPTIONS

Which options are available in the UI for secret expiration. Only these values are accepted server-side for expires_in.

MAX_SECRET_BYTES

Maximum size of secret text content.

MAX_FILES

Maximum number of attached files.

MAX_FILE_SIZE_BYTES

Maximum size per file attachment.

ENABLE_HSTS

Enable HSTS response header. Keep disabled unless TLS is correctly terminated upstream.

HSTS_MAX_AGE_SECONDS

HSTS max-age value when ENABLE_HSTS=true.

Create a new secret

curl --request POST \
  --url http://localhost:8080/api \
  --header 'Content-Type: application/json' \
  --data '{
	"content": "some super secret stuff goes here",
	"expires_in": 10
}'

expires_in is number of seconds until it expires.

The response will be the ID of your secret, which can be used to fetch it again.

Note: this returned value is a token containing both lookup identifier and access key.

Fetch a secret

To fetch you secret again to a GET request to http://localhost:8080/api/<your-secret-id-goes-here>

For example:

curl --request GET \
  --url http://localhost:8080/api/Jsm9nDvKVhtAQEfz1Bukx7jHeKIBpPV8kX0B_a4w2rEqAke0MYJ_uvGc30s6o85TiIn-qeBm_9S55ajlDzysRw

Security and deployment notes

Keep /healthz and /metrics on a non-public network.
Always run behind TLS (reverse proxy / ingress is supported).
Security headers and no-store cache controls are enabled by default.
Rotate SERVER_SALT as part of incident response.
If a link is leaked, treat the secret as compromised and rotate underlying credentials.

Name		Name	Last commit message	Last commit date
Latest commit History 226 Commits
.github		.github
.vscode		.vscode
api		api
config		config
crypto		crypto
datastore		datastore
memory		memory
metrics		metrics
redis		redis
scripts		scripts
static		static
types		types
.dockerignore		.dockerignore
.gitignore		.gitignore
Dockerfile		Dockerfile
README.md		README.md
go.mod		go.mod
go.sum		go.sum
main.go		main.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Pass-along

Server config

SERVER_SALT

DATABASE_TYPE

REDIS_SERVER

REDIS_PORT

SERVER_PORT

HEALTH_PORT

LOG_LEVEL

VALID_FOR_OPTIONS

MAX_SECRET_BYTES

MAX_FILES

MAX_FILE_SIZE_BYTES

ENABLE_HSTS

HSTS_MAX_AGE_SECONDS

Create a new secret

Fetch a secret

Security and deployment notes

About

Uh oh!

Releases 21

Packages

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

Pass-along

Server config

SERVER_SALT

DATABASE_TYPE

REDIS_SERVER

REDIS_PORT

SERVER_PORT

HEALTH_PORT

LOG_LEVEL

VALID_FOR_OPTIONS

MAX_SECRET_BYTES

MAX_FILES

MAX_FILE_SIZE_BYTES

ENABLE_HSTS

HSTS_MAX_AGE_SECONDS

Create a new secret

Fetch a secret

Security and deployment notes

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases 21

Packages 0

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Packages