sup3rS3cretMes5age
A secure self-destructing message service that uses HashiCorp Vault for one-time secret sharing.
Smart Download
Visit Project Homepage
No installer available yet — head to the source repository
Secure self-destructing message service using HashiCorp Vault as backend, messages vanish after first read.
Core Features
- Self-destructing messages: automatically deleted after first read
- Configurable TTL: default 48h, max 7 days
- File upload support: up to 50MB with base64 encoding
- Vault-backed security: uses cubbyhole for tamper-proof storage
- One-time tokens: Vault tokens with exactly 2 uses (create + retrieve)
What It Can't Do
- •Always enable HTTPS in production (via env variables or reverse proxy) to prevent message interception. Requires a production Vault server (not dev mode). Rotate Vault tokens regularly. Default rate limit (10 req/s) may need adjustment for high traffic. File upload up to 50MB; base64 encoding increases size by ~33%.
Use Cases
- Share passwords or API keys temporarily with colleagues
- Send one-time login links or verification codes
- Transmit short-lived confidential configuration
- Securely pass sensitive information over insecure channels (email, chat)
sup3rS3cretMes5age is a lightweight, secure web application for sharing sensitive information via self-destructing messages. It stores secrets in HashiCorp Vault's cubbyhole backend, ensuring messages are automatically deleted after being read once. Features include configurable TTL (default 48h, max 7 days), file upload support up to 50MB, one-time Vault tokens, built-in rate limiting (10 req/s), automatic TLS via Let's Encrypt, and a tiny JavaScript footprint (8.9KB, no jQuery). It offers Docker Compose for quick local setup and a Helm chart for Kubernetes deployment. The entire frontend is self-hosted for privacy, with no external CDNs or trackers. Ideal for sharing passwords, API keys, or confidential notes with confidence that they will vanish after reading.
Tags
Getting Started
Download installer
Click the button above to download the installer for your system
Install the software
Double-click the downloaded installer and follow the prompts
Step 1: git clone https://github.com/algolia/sup3rS3cretMes5age.git && cd sup3rS3cretMes5age
Step 2: Run make run (starts Vault and the web service)
Step 3: Open browser to http://localhost:8082
- Step 1: git clone https://github.com/algolia/sup3rS3cretMes5age.git && cd sup3rS3cretMes5age
- Step 2: Run make run (starts Vault and the web service)
- Step 3: Open browser to http://localhost:8082
Checksum not available
This project has not published a SHA-256 checksum on its GitHub Release page
SHA256 Checksum
No checksum available
Download directly from GitHub Releases and verify file integrity yourself
All SHA-256 checksums on this platform are extracted from the project's official GitHub Release page, without any modification. You can independently verify them on the GitHub Releases page.
Open Source Transparency
View GitHub SourceUninstall Info
To uninstall, run 'docker compose -f deploy/docker-compose.yml down' to remove containers and network. For local build, delete the binary and cloned directory.
No Extra Dependencies
Ready to use after download. No additional runtime required.
Having issues? Check the FAQ below
3 FAQs
Similar Projects
uBlock Origin
uBlock Origin is a wide-spectrum content blocker for Chromium and Firefox that is CPU and memory efficient. Blocks ads, trackers, miners, and malware out of the box.
syncthing
A continuous file synchronization program that syncs files between devices securely and automatically, with no central server.
Vaultwarden
A lightweight, self-hosted Bitwarden server alternative written in Rust, compatible with official clients.