https://github.com/secrethash/secrets-app

Secrets Sharing Application
https://github.com/secrethash/secrets-app

Last synced: 24 days ago
JSON representation

Secrets Sharing Application

• Host: GitHub
• URL: https://github.com/secrethash/secrets-app
• Owner: secrethash
• License: mit
• Created: 2024-11-16T21:04:42.000Z (6 months ago)
• Default Branch: main
• Last Pushed: 2024-12-08T07:40:02.000Z (5 months ago)
• Last Synced: 2025-04-09T19:57:38.456Z (24 days ago)
• Language: TypeScript
• Size: 410 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.md

Awesome Lists containing this project

README

        

Sharing Secrets with Confidence


# Secrets Sharing App

> :warning: **This is a completely experimental (proof-of-concept) project and should be used at your own risk.**

Secret sharing application using Asymmetric Encryption (public/private key pair). We can create a new Key Pair and save the Public Key to a Supabase DB table. We can then encrypt a secret with the Public Key and decrypt it with the Private Key.

The encryption & decryption is done using `RSA-OAEP` algorithm, for which the keys are 2048 bits long & supports asymmetric encryption. The application generates & accepts Private & Public Keys in `JWK` format.

## On-click deploy

[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2Fsecrethash%2Fsecrets-app%2Ftree%2Fmain&env=NEXT_PUBLIC_SUPABASE_URL,NEXT_PUBLIC_SUPABASE_ANON_KEY&envDescription=Supabase%20URL%20%26%20Keys&project-name=secrets-sharing-app&repository-name=secrets-sharing-app&redirect-url=https%3A%2F%2Fgithub.com%2Fsecrethash%2Fsecrets-app%2Ftree%2Fmain)

## Use Case (example)

- Securely Sharing Username/Password with a team member over an email as an encrypted text

- Sharing `.env` files with a team member over slack/teams as an encrypted text

- Sharing sensitive information with a third party

- Sharing sensitive information with a client

## Features

- 🔑 Create new Key Pair (public/private)

- 🛅 Save Public Keys to Supabase DB table

- 🔐 Encrypt a secret with a Public Key (also fetch from supabase)

- 🔓 Decrypt a secret only by a Private Key

## Roadmap

- [x] **Persistence:** Add Supabase DB table to store Public Keys with titles

- [x] **Authn:** Add Authentication using [Supabase Auth](https://supabase.com/docs/guides/auth/server-side/nextjs)

- [ ] **Security:** Add ECDSA (Elliptic Curve Digital Signature Algorithm) or ECDH (Elliptic Curve Diffie-Hellman) support to sign the encrypted secrets for increased security

- [ ] **Chore:** Cleanup application code style and structure (project was created as a Proof of Concept)

- [ ] **Authz:** Limit fetch from supabase for authenticated & authorized users (something roles/permissions)

## Installation

Install the dependencies:

```bash

bun install

```

## Getting Started

1. Copy the `.env.example`  file to  `.env.local`  and fill in the values.

    ```bash

    cp .env.example .env.local

    ```

2. Setup Supabase credentials in `.env.local`

3. Create a `public_keys` table in Supabase with the following schema:

    > 💡 You can go to your Project > SQL Editor (left sidebar) > paste the following SQL query and execute it

    ```pgsql

    create table

        public.public_keys (

            id uuid not null default gen_random_uuid (),

            title text null,

            key text null,

            created_at timestamp with time zone not null default now(),

            constraint public_keys_pkey primary key (id),

            constraint public_keys_title_key unique (title)

        ) tablespace pg_default;

    ```

4. Make sure the **Row Level Security (RLS)** policy are set properly in Supabase for the table `public_keys`. Make sure the `INSERT` & `SELECT` policies have the role `anon` & `authenticated` set.

5. Run the development server:

    ```bash

    bun dev

    ```

    > Open [http://localhost:3000](http://localhost:3000) with your browser to see the result.

## Registration

As this tool is meant for internal or personal use, the registration is limited to your projects organization members only (on supabase). To open up the registration you may need to setup custom SMTP provider in the [Supabase Authentication](https://supabase.com/docs/guides/auth/auth-smtp) settings.

## Disclaimer

This project is for internal purposes only. It is not intended to be used for any production environment. The author or contributors are not responsible for any damages caused by the use of this project. Use it at your own risk.

## Licence

This project is an open-sourced software licensed under the [MIT license](./LICENSE.md).