Introduction
Sharing sensitive information on the internet has always been a challenge. Ideally, information would be shared securely with the intended audience once and disappear thereafter. This is why we created our One-Time Secret service. There are many ways to interact with our service, whether it is through our website, CLI tool, or API.
This service allows users to optionally password-protect sensitive information. A unique link is generated to distribute the secret. Once the secret is opened, it is no longer available to view again. If the secret is never viewed, it expires by itself.
Using our Website
This is probably the easiest way to interact with our One-Time Secret service. Simply go to secret.jetrails.com and you will be greeted with a form to create a password. Simply fill it out with whatever properties you want your secret to have.
The next section that is displayed shows the details of the secret. Notably, the URL to view the secret. Clicking on the Burn Secret button will delete the secret.
Once the recipient of the secret navigates to that URL, they will be greeted with a password prompt (if the secret is configured with a password).
If the password is valid, then the contents of the secret will be displayed. Revisiting that link will result in a failure to find the secret since it was already opened and destroyed.
Using our CLI tool
The One-Time Secret service is available to use through the jrctl CLI tool. Please refer to the project’s documentation for installation instructions. If you are using MacOS, then you can install it through brew:
brew tap jetrails/tap
brew install jrctl
jrctl -v
A simple example on how to interact with the service through our CLI tool can be found here. While the options for creating a secret are more robust, we will show how to use the contents of a file as the secret contents:
$ jrctl secret create -p mypassword -f ~/.ssh/id_rsa.pub
Identifier: 10d145ad-0283-462a-887a-39ef1f1b01c4
Password: mypassword
TTL: 86400 seconds
https://secret.jetrails.com/secret/10d145ad-0283-462a-887a-39ef1f1b01c4
Once created, the intended recipient of the secret can view the secret contents with the following command:
$ jrctl secret read 10d145ad-0283-462a-887a-39ef1f1b01c4 -p mypassword
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNKPUWPvfWgFlQtVXzLmsnGt80r9kknDs0mUKdTSQj
qM5oseQq1dUaDXNRaPe5/H4eZxQ7z8wefQdZx8FtxX8+BP546pTIpOg0M4LJif7NWtFBEWOSvwzmKTQU
HhKGiP2HlcL79KURP1y1x35eQmk8zD3OKo57lLfi9sNp8JuQEG9EymCynQwvjVgI4bflyGgeRCCTlD3x
XrmYkewbHuvzPIcyEwzm4iIIT4ksZqkngIcGzWkK9nnAUB0oYGw+7Pcx4QI4YBg3oqBfdC5v1mXXyDIQ
OtHQh6DD0BoZf1FKoo5MeWpvJCOLA6CJWE3JEzbVWYeN10q41tRuDoj5wLUVMpg1GREOJFMpHFOVREf+
cmTyWk0Qk6KiPAFWZuRjlKdW19uO9D6+bGH/3Jf5lNCBFi5JzDY85GB6LabzyGQOaJ9pOXVFA+t6zTL1
6sNLeraMXMJeeQrRtm77llluFDPsPUJO4eyYie2kPCjo7aRwDGZ5wALO/e0b2EHLb0xkjcc9UleHPDyB
y7HDjd+QqgPP/U+15+QGdKlfOpjflKGaAndUS3J57H4DRPJTceXTZStNEShkBHfl9wXfPm7uQciArqI/
v7mHsqpJtv8xXzoOK/RnB6wWTbEG0OZBZj/mWMQ9RJTv9cBknMYe5XcJ38jWWSCNX7ujsaTiCShkL7ii
3w==
For more information, refer to the help menu in the CLI tool.
Using our API
Optionally, you can use our API to create, read, and delete secrets. Our API is open to the public and while it is rate-limited, it does not require any authentication to use.
The following CURL command can be used to create a secret, note that the ttl parameter is optional and defaults to one day. If auto_generate is true then the password field is not used and a password is generated server side and returned.
$ curl https://api-public.jetrails.com/secret \
-X POST \
-H "content-type: application/json" \
--data-binary '{"data":"Secret Content","auto_generate":false,"password":"8os1keTPvZDVPLypAv0YWyPqMKzZAtmA","ttl":86400}' \
| jq
{
"id": "ea9d0ff1-734e-4886-aad4-bbc2bcea800b",
"password": "8os1keTPvZDVPLypAv0YWyPqMKzZAtmA",
"ttl": 86400
}
To read a secret, simply execute the following CURL command and the secret will be returned in plain text format.
$ curl https://api-public.jetrails.com/secret \
-X GET \
-H "content-type: application/json" \
--data-binary '{"id":"ea9d0ff1-734e-4886-aad4-bbc2bcea800b","password":"8os1keTPvZDVPLypAv0YWyPqMKzZAtmA"}'
Secret Content
Note: If a secret is created without a password, the password property with an empty string must still be passed.
Finally to delete a secret, simply run the following CURL command:
$ curl https://api-public.jetrails.com/secret \
-X DELETE \
-H "content-type: application/json" \
--data-binary '{"id":"ea9d0ff1-734e-4886-aad4-bbc2bcea800b"}' \
| jq
{
"id": "ea9d0ff1-734e-4886-aad4-bbc2bcea800b"
}
Comments
0 comments
Article is closed for comments.