Skip to content

secret sharing service with auto-expiry as default, doesn't need accounts

License

Notifications You must be signed in to change notification settings

abhishekkr/dory

Repository files navigation

dory

Share your secret with a fish that have short term memory.

  • this is a secret sharing service for masses, where you don't need to be authenticated at service to store and share secret

  • anyone with access to service can upload a secret and share the token with people they wanna share it

  • if accessed without an explicit retention parameter, the secret gets purged on first fetch

  • if stored in cache mode, it self expires after a TTL if not accessed for that duration

  • even service admin can't decipher a secret posted by any user

Go Report Card Build Status

quick try using docker abhishekkr/dory:1.2-alpine

quick usage guide for dory server and client

When you run dory, webserver by default will be available at :8080 and hosts help document for quick overview.

Current Features:

  • local-auth has 2 kind of datastores, non-persistent cache and persistent disk
  • both of these stores purge their entry on any fetch by default, unless asked to keep=true it further

  • cache store has extra expiry attached to it, for keys to self-delete if not accessed for TTL (default 300seconds)

  • disk store persists secrets which are resumable even after service restart

  • all secrets are stored post AES encryption with per secret unique token

  • every secret can only be deciphered by it's token which is returned as response of posting the secret, so if token is lost... so is data in secret

  • token is also required to delete the secret by normal users

  • admin tasks
  • listing of all the keys against which secrets are stored

  • purge one key, if by mistake wrong or undesired secret has been shared

  • purge all keys, for cleanup or in times of threat

just a reminder that value is not recoverable using Admin Token

  • /ping api listing count of keys in cache and disk

Using

  • Managing simple secrets
## adding expirable secret file, life of 180sec if not read
DORY_KEY=$(curl -skL -v -X POST -H "Content-Type: multipart/form-data" \
        -d@secret.json  \
        "http://127.0.0.1:8080/local-auth/mysecret?ttlsecond=180")

## fetching secret, which expires on read
curl -skL -v --request GET -o secret.json  \
        --header "X-DORY-TOKEN: ${DORY_KEY}" \
        "http://127.0.0.1:8080/local-auth/mysecret"
  • Support for big files which need multipart form-data
SECRET_FILE="mysecret.store"

## adding expirable secret file, life of 300sec if not read
DORY_KEY=$(curl -skL -v -X POST -H "Content-Type: multipart/form-data" \
        -F "form=@${SECRET_FILE}" \
        "http://127.0.0.1:8080/local-auth/${SECRET_FILE}?ttlsecond=300&file-field=form")

## fetching secret, which expires on read
curl -skL -v --request GET -o secret.store  \
        --header "X-DORY-TOKEN: ${DORY_KEY}" \
        "http://127.0.0.1:8080/local-auth/${SECRET_FILE}"

developer's documentation


image of dory


MIT Licensed