Skip to content
/ onetimesecret Public
forked from onetimesecret/onetimesecret

Keep sensitive info out of your email & chat logs. [Containerized]

License

MIT license
10 stars 382 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

siw36/onetimesecret

BranchesTags
 
 

Repository files navigation

One Time Secret Docker Image

This repository is a fork of th awesome project onetimesecret (https://onetimesecret.com/).

Differences from the original

  • Containerized (Docker image)
  • Deployable on Kubernetes and OpenShift
  • No accounts and paid features, just secret sharing
  • Customizable for your project/company (through environment variables)

Image details

  • Base image: ruby:2.6-buster (official image from Docker Hub) Ruby Icon
  • This image is designed to run on Kubernetes/OpenShift together with a REDIS container in a pod (see examples).
  • The container can and should be run unprivileged (leveraging the OCP arbitrary user ID feature).
  • Pre build docker images:
  • hub.docker.com siw36/onetimesecret Build on Docker Hub
  • quay.io siw36/onetimesecret Build on Quay

Variables

Name Description Default value
OTS_DOMAIN The domain name, which points to this instance <none - required to be set>
OTS_MASTER_KEY Global secret (gets combined with the users key to encrypt the secret) <none - required to be set>
OTS_REDIS_PW Password for REDIS access <none - required to be set>
OTS_REDIS_HOST The hostname or IP address of the REDIS instance <none - required to be set>
OTS_REDIS_PORT The port of the REDIS instance <none - required to be set>
OTS_SSL Use SSL or not true
OTS_CREATE_SECRET 250
OTS_CREATE_ACCOUNT 10
OTS_UPDATE_ACCOUNT 10
OTS_EMAIL_RECIPIENT 50
OTS_SEND_FEEDBACK 10
OTS_AUTHENTICATE_SESSION 5
OTS_HOMEPAGE 500
OTS_DASHBOARD 1000
OTS_FAILED_PASSPHRASE 5
OTS_SHOW_METADATA 1000
OTS_SHOW_SECRET 1000
OTS_BURN_SECRET 1000
OTS_IMAGE_FAV_ICON link to the custom icon (png) <none - defaults to the original icon>
OTS_IMAGE_LOGO link to the custom logo (png) <none - defaults to the original logo>
OTS_COLOR CSS color code (#XXXXXX) #dd4a22

OpenShift specifics

Attach the default pull secret to the ots service account

oc secrets link ots <pull secret here> --for=pull

Make sure to use the OCP oauth proxy for your current cluster version registry.redhat.io/openshift4/ose-oauth-proxy:v4.X

OpenShift deployment config

You can find an example template for OTS on OCP in the examples folder.

About

Keep sensitive info out of your email & chat logs. [Containerized]

Resources

Readme

License

MIT license
Activity

Stars

10 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases

7 tags

Packages

No packages published

Languages

  • Ruby 39.3%
  • Mustache 23.8%
  • CSS 15.8%
  • JavaScript 13.4%
  • HTML 4.4%
  • PHP 1.8%
  • Other 1.5%