AHA-Secret Documentation

Encrypt your message, store it encrypted and share a link

Get started now View it on GitHub

Sensitive information should not be stored in a mailbox or chat history.

aha-secret allows you to store a secret message encrypted. Only the generated link could decrypt the message again. The message is encrypted by your browser and decrypted by the browser of the person who is allowed to read it. The first time someone clicks on the link, the message is automatically deleted from the server. After the secret was deleted from the server, the link does not work anymore. By using aha-secret users will only send weblinks to other users and those weblinks can only be used once. In addition to the one-time-secret, the server will also automatically delete unrevealed messages after a maximum of seven days.

Features

  • 100% Free Open Source Software ❤️
  • End-to-end encryption
  • One-Time-Secret.
  • Self destruction
  • No registration
  • Ratelimit
  • Command-Line Client in Rust: aha-cli
  • Minimum Features / Dependencies

Installation

Even if aha-secret can be installed manually or by using docker it is recommended to use docker-compose. For installation instructions please read the Getting started or the Installation section. For customization or all the configuration options read the section Configuration. For advanced configuration and all environment variables, see the Configuration documentation.

Translations

aha-secret has translations for the following languages:

  • German 🇩🇪
  • English 🇬🇧

License

License: GPL v3

Environment Variables

The application is configured using environment variables. Use the new AHA_SECRET_* variables for all new deployments. Deprecated variables are supported for backward compatibility but should be avoided.

See the Configuration page for a complete list and details.

Example:

AHA_SECRET_BASE_URL=http://localhost
AHA_SECRET_MEMCACHE_URL=localhost:11211
AHA_SECRET_SESSION_SECRET=your-secret
AHA_SECRET_APP_LOCALE=en
AHA_SECRET_CLEANUP_SCHEDULE=10m
AHA_SECRET_RATE_LIMIT=64
AHA_SECRET_RATE_LIMIT_PERIOD=60
AHA_SECRET_MAX_MSG_LENGTH=20000
SKIP_SCHEDULER=true
  • For tests, SKIP_SCHEDULER=true is set automatically to avoid running background jobs.
  • For CI, CI=true and other test-specific variables are set automatically.

Deprecated: MEMCACHE, SESSION_SECRET, APP_LOCALE, URL, PERMITTED_ORIGINS (use the new AHA_SECRET_* variables instead).