{"id":13495560,"url":"https://github.com/jhaals/yopass","last_synced_at":"2025-11-12T22:36:40.289Z","repository":{"id":13340260,"uuid":"16027367","full_name":"jhaals/yopass","owner":"jhaals","description":"Secure sharing of secrets, passwords and files ","archived":false,"fork":false,"pushed_at":"2025-05-09T04:33:00.000Z","size":16069,"stargazers_count":2070,"open_issues_count":12,"forks_count":316,"subscribers_count":21,"default_branch":"master","last_synced_at":"2025-05-09T05:27:45.691Z","etag":null,"topics":["encryption-decryption","hacktoberfest","password-sharing","sharing-secrets"],"latest_commit_sha":null,"homepage":"https://yopass.se","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jhaals.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2014-01-18T14:54:55.000Z","updated_at":"2025-05-09T04:31:35.000Z","dependencies_parsed_at":"2023-02-12T20:33:33.244Z","dependency_job_id":"56da6ea4-37f8-4c0b-bfbe-aae43b1a32c6","html_url":"https://github.com/jhaals/yopass","commit_stats":{"total_commits":2086,"total_committers":51,"mean_commits":40.90196078431372,"dds":0.5752636625119847,"last_synced_commit":"cf51088fe8e3273178fae00eb841c9376047c53a"},"previous_names":[],"tags_count":60,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jhaals%2Fyopass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jhaals%2Fyopass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jhaals%2Fyopass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jhaals%2Fyopass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jhaals","download_url":"https://codeload.github.com/jhaals/yopass/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253969241,"owners_count":21992262,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["encryption-decryption","hacktoberfest","password-sharing","sharing-secrets"],"created_at":"2024-07-31T19:01:35.911Z","updated_at":"2025-11-12T22:36:40.284Z","avatar_url":"https://github.com/jhaals.png","language":"Go","funding_links":[],"categories":["File Management and Sharing","TypeScript","Software","Go","加密_密码破解_字典","Datastores","hacktoberfest"],"sub_categories":["OS Encryption","Pastebins","资源传输下载"],"readme":"![Yopass-horizontal](https://user-images.githubusercontent.com/37777956/59544367-0867aa80-8f09-11e9-8d6a-02008e1bccc7.png)\n\n# Yopass - Share Secrets Securely\n\n[![Go Report Card](https://goreportcard.com/badge/github.com/jhaals/yopass)](https://goreportcard.com/report/github.com/jhaals/yopass)\n[![codecov](https://codecov.io/gh/jhaals/yopass/branch/master/graph/badge.svg)](https://codecov.io/gh/jhaals/yopass)\n![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/jhaals/yopass?sort=semver)\n\n![demo](https://ydemo.netlify.com/yopass-demo.gif)\n\nYopass is a project for sharing secrets in a quick and secure manner.\nThe sole purpose of Yopass is to minimize passwords floating around in ticket management systems, Slack messages, and emails. Messages are encrypted/decrypted locally in the browser and sent to Yopass without the decryption key, which is only visible once during encryption. Yopass then returns a one-time URL with a specified expiry date.\n\nThere is no perfect way of sharing secrets online, and there is a trade-off in every implementation. Yopass is designed to be as simple and \"dumb\" as possible without compromising security. There's no mapping between the generated UUID and the user who submitted the encrypted message. It's always best to send all context except the password over another channel.\n\n**[Demo available here](https://yopass.se)**. It's recommended to host yopass yourself if you care about security.\n\n- End-to-End encryption using [OpenPGP](https://openpgpjs.org/)\n- Secrets can only be viewed once\n- No accounts or user management required\n- Secrets self destruct after X hours\n- Custom password option\n- Limited file upload functionality\n\n## History\n\nYopass was first released in 2014 and has since been maintained by me and contributed to by this fantastic group of [contributors](https://github.com/jhaals/yopass/graphs/contributors). Yopass is used by many large corporations, some of which are listed below.\n\nIf you are using Yopass and want to support the project beyond code contributions, you can give thanks via email, consider donating, or give consent to list your company name as a user of Yopass in this readme.\n\n## Trusted by\n\n- [Doddle LTD](https://doddle.com)\n- [Spotify](https://spotify.com)\n- [Gumtree Australia](https://www.gumtreeforbusiness.com.au/)\n\n## Command-line interface\n\nThe main motivation of Yopass is to make it easy for everyone to share secrets quickly via a simple web interface. A command-line interface is also provided to support use cases where program output needs to be shared.\n\n```console\n$ yopass --help\nYopass - Secure sharing for secrets, passwords and files\n\nFlags:\n      --api string          Yopass API server location (default \"https://api.yopass.se\")\n      --decrypt string      Decrypt secret URL\n      --expiration string   Duration after which secret will be deleted [1h, 1d, 1w] (default \"1h\")\n      --file string         Read secret from file instead of stdin\n      --key string          Manual encryption/decryption key\n      --one-time            One-time download (default true)\n      --url string          Yopass public URL (default \"https://yopass.se\")\n\nSettings are read from flags, environment variables, or a config file located at\n~/.config/yopass/defaults.\u003cjson,toml,yml,hcl,ini,...\u003e in this order. Environment\nvariables have to be prefixed with YOPASS_ and dashes become underscores.\n\nExamples:\n      # Encrypt and share secret from stdin\n      printf 'secret message' | yopass\n\n      # Encrypt and share secret file\n      yopass --file /path/to/secret.conf\n\n      # Share secret multiple time a whole day\n      cat secret-notes.md | yopass --expiration=1d --one-time=false\n\n      # Decrypt secret to stdout\n      yopass --decrypt https://yopass.se/#/...\n\nWebsite: https://yopass.se\n```\n\nThe following options are currently available to install the CLI locally.\n\n- Compile from source (requires Go \u003e= v1.21)\n\n  ```console\n  go install github.com/jhaals/yopass/cmd/yopass@latest\n  ```\n\n## Installation / Configuration\n\nHere are the server configuration options.\n\nCommand line flags:\n\n```console\n$ yopass-server -h\n      --address string             listen address (default 0.0.0.0)\n      --database string            database backend ('memcached' or 'redis') (default \"memcached\")\n      --max-length int             max length of encrypted secret (default 10000)\n      --memcached string           Memcached address (default \"localhost:11211\")\n      --metrics-port int           metrics server listen port (default -1)\n      --port int                   listen port (default 1337)\n      --redis string               Redis URL (default \"redis://localhost:6379/0\")\n      --tls-cert string            path to TLS certificate\n      --tls-key string             path to TLS key\n      --cors-allow-origin          Access-Control-Allow-Origin CORS setting (default *)\n      --force-onetime-secrets      reject non onetime secrets from being created\n      --disable-upload             disable the /file upload endpoints\n      --prefetch-secret            display information that the secret might be one time use (default true)\n      --disable-features           disable features section on frontend\n      --no-language-switcher       disable the language switcher in the UI\n      --trusted-proxies strings    trusted proxy IP addresses or CIDR blocks for X-Forwarded-For header validation\n      --privacy-notice-url string  URL to privacy notice page\n      --imprint-url string         URL to imprint/legal notice page\n```\n\nEncrypted secrets can be stored either in Memcached or Redis by changing the `--database` flag.\n\n### Proxy Configuration\n\nWhen Yopass is deployed behind a reverse proxy or load balancer (such as Nginx, Caddy, Cloudflare, or AWS ALB), you may want to log the real client IP addresses instead of the proxy's IP. Yopass supports trusted proxy configuration for secure handling of `X-Forwarded-For` headers.\n\n**Security Note**: X-Forwarded-For headers are only trusted when requests come from explicitly configured trusted proxies. This prevents IP spoofing from untrusted sources.\n\n#### Examples:\n\n```bash\n# Trust a single proxy IP\nyopass-server --trusted-proxies 192.168.1.100\n\n# Trust multiple proxy IPs\nyopass-server --trusted-proxies 192.168.1.100,10.0.0.50\n\n# Trust proxy subnets (CIDR notation)\nyopass-server --trusted-proxies 192.168.1.0/24,10.0.0.0/8\n\n# Environment variable (useful for Docker)\nexport TRUSTED_PROXIES=\"192.168.1.0/24,10.0.0.0/8\"\nyopass-server\n```\n\n#### Common Proxy Scenarios:\n\n- **Nginx/Apache**: Use the IP address of your reverse proxy server\n- **Cloudflare**: Use Cloudflare's IP ranges (available from their documentation)\n- **AWS ALB/ELB**: Use your VPC's CIDR block or the load balancer's subnet\n- **Docker networks**: Use the Docker network's gateway IP or subnet\n\nWithout trusted proxies configured, Yopass will always use the direct connection IP for security, which is the recommended default behavior.\n\n### Docker Compose\n\nUse the Docker Compose file `deploy/with-nginx-proxy-and-letsencrypt/docker-compose.yml` to set up a Yopass instance with TLS transport encryption and automatic certificate renewal using [Let's Encrypt](https://letsencrypt.org/). First, point your domain to the host where you want to run Yopass. Then replace the placeholder values for `VIRTUAL_HOST`, `LETSENCRYPT_HOST`, and `LETSENCRYPT_EMAIL` in the docker-compose.yml file with your values. Change to the deployment directory and start the containers:\n\n```console\ndocker-compose up -d\n```\n\nYopass will then be available under the domain you specified through `VIRTUAL_HOST` / `LETSENCRYPT_HOST`.\n\nAdvanced users who already have a reverse proxy handling TLS connections can use the `insecure` setup:\n\n```console\ncd deploy/docker-compose/insecure\ndocker-compose up -d\n```\n\nThen point your reverse proxy to `127.0.0.1:80`.\n\n### Docker\n\nWith TLS encryption\n\n```console\ndocker run --name memcached_yopass -d memcached\ndocker run -p 443:1337 -v /local/certs/:/certs \\\n    --link memcached_yopass:memcached -d jhaals/yopass --memcached=memcached:11211 --tls-key=/certs/tls.key --tls-cert=/certs/tls.crt\n```\n\nYopass will then be available on port 443 through all IP addresses of the host, including public ones. To limit availability to a specific IP address, use `-p 127.0.0.1:443:1337`.\n\nWithout TLS encryption (needs a reverse proxy for transport encryption):\n\n```console\ndocker run --name memcached_yopass -d memcached\ndocker run -p 127.0.0.1:80:1337 --link memcached_yopass:memcached -d jhaals/yopass --memcached=memcached:11211\n```\n\nThen point your reverse proxy that handles TLS connections to `127.0.0.1:80`.\n\n### Kubernetes\n\n```console\nkubectl apply -f deploy/yopass-k8.yaml\nkubectl port-forward service/yopass 1337:1337\n```\n\n_This is meant to get you started, please configure TLS when running yopass for real._\n\n## Monitoring\n\nYopass optionally provides metrics in the [OpenMetrics][] / [Prometheus][] text\nformat. Use flag `--metrics-port \u003cport\u003e` to let Yopass start a second HTTP\nserver on that port making the metrics available on path `/metrics`.\n\nSupported metrics:\n\n- Basic [process metrics][] with prefix `process_` (e.g. CPU, memory, and file descriptor usage)\n- Go runtime metrics with prefix `go_` (e.g. Go memory usage, garbage collection statistics, etc.)\n- HTTP request metrics with prefix `yopass_http_` (HTTP request counter, and HTTP request latency histogram)\n\n[openmetrics]: https://openmetrics.io/\n[prometheus]: https://prometheus.io/\n[process metrics]: https://prometheus.io/docs/instrumenting/writing_clientlibs/#process-metrics\n\n## Translations\n\nYopass accepts translations for additional languages. The frontend includes internationalization support using react-i18next, see [current translations](https://github.com/jhaals/yopass/blob/master/website/src/shared/lib/i18n.ts). Translation contributions are welcome via pull requests, see example [here](https://github.com/jhaals/yopass/pull/3024) for adding a new language.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjhaals%2Fyopass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjhaals%2Fyopass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjhaals%2Fyopass/lists"}