Frequently asked questions
What is this for?
This tool provides a quick and secure way to share one-time secrets.
How does it work?
Creating a secret
Secrets are sent to the API, where they are encrypted against a randomly generated password. The API stores the encrypted secret content in Cloudflare KV storage with the requested time-to-live (TTL) set, so that the encrypted data is automatically deleted when the TTL expires if the secret has not been read before then. The password is not stored in KV; it is only returned to the client, along with a unique ID for the encrypted secret content, to provide the sharing link.
Viewing a secret
The encrypted secret content is decrypted using the provided password. If this process is successful (i.e. the password was correct), the encrypted secret content is removed from Cloudflare KV storage to ensure one-time readability, and the decrypted secret content is then returned to the client for viewing.
Is it secure?
Secret content is encrypted using AES-GCM with a key derived (PBKDF2) from a randomly generated password. Only the encrypted secret content is persisted, and only until one of the following happens, whichever happens first:
- The secret is read
- The TTL of the secret expires
The generated password is never persisted and is only returned to the client for use in generating the one-time sharing link. Once this link is no longer visible (navigated away, refreshed etc.), there is no way to recover the password. If a password is lost, the secret will simply never be decrypted; it will eventually expire and be deleted once the TTL is reached.
As part of the process to view a secret using the correct password, the encrypted secret data is deleted so that it can never be decrypted again. However, due to limitations in Cloudflare KV storage consistency, it could be technically possible to read a secret again for a short window of time.
- Changes are usually immediately visible in the Cloudflare global network location at which they are made, so multiple users in the same Cloudflare network location would be unable to read the same secret.
- Changes may take up to 60 seconds or more to be visible in other global network locations as their cached versions of the data time out. In this case it could be technically possible to read a secret multiple times, because the change that deletes the secret once decrypted has not yet replicated across the Cloudflare network.
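The replay window described above, as an added example that is not the project's own code: a simplified JavaScript model in which a write is visible immediately in the location that made it and elsewhere only after a fixed 60-second lag. The `LaggedKV` class, `viewSecret`, the location names and the sample ID are assumptions for illustration, and decryption is left out because only the visibility of the delete matters here.

```javascript
// Simplified model of an eventually consistent KV namespace (an assumption for
// illustration, not Cloudflare's implementation): a write is visible at once
// in the location that made it and only after LAG_MS everywhere else.
const LAG_MS = 60_000; // the page's "up to 60 seconds or more", fixed here

class LaggedKV {
  constructor() { this.log = new Map(); } // key -> [{ at, from, value }]

  write(location, key, value, now) {
    if (!this.log.has(key)) this.log.set(key, []);
    this.log.get(key).push({ at: now, from: location, value });
  }

  // Latest write that `location` can already see at time `now` (milliseconds).
  get(location, key, now) {
    const visible = (this.log.get(key) || []).filter(
      (w) => w.at <= now && (w.from === location || w.at + LAG_MS <= now)
    );
    return visible.length ? visible[visible.length - 1].value : null;
  }

  // A delete is just another write (of null) that has to propagate.
  delete(location, key, now) { this.write(location, key, null, now); }
}

// View flow from the page with the decryption step left out: fetch, delete, return.
function viewSecret(kv, location, id, now) {
  const blob = kv.get(location, id, now);
  if (blob === null) return null; // deletion is already visible from here
  kv.delete(location, id, now);
  return blob;
}

// Constructed scenario: created in location "A", later viewed from "A" and "B".
function replayWindowDemo() {
  const kv = new LaggedKV();
  kv.write("A", "id-1", "<encrypted blob>", 0);
  return {
    firstReadA: viewSecret(kv, "A", "id-1", 120_000),     // succeeds
    secondReadA: viewSecret(kv, "A", "id-1", 121_000),    // delete visible locally
    readBWithinLag: viewSecret(kv, "B", "id-1", 130_000), // delete not yet visible
    readBAfterLag: viewSecret(kv, "B", "id-1", 200_000),  // delete has propagated
  };
}
```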
All source code is visible on GitHub but, most importantly, you should use your own judgement.