ProductPromotion
Logo

Open.Source

made by https://0x3d.site

GitHub - HemmeligOrg/Hemmelig.app: Keep your sensitive information out of chat logs, emails, and more with encrypted secrets.
Keep your sensitive information out of chat logs, emails, and more with encrypted secrets. - HemmeligOrg/Hemmelig.app
Visit Site

GitHub - HemmeligOrg/Hemmelig.app: Keep your sensitive information out of chat logs, emails, and more with encrypted secrets.

GitHub - HemmeligOrg/Hemmelig.app: Keep your sensitive information out of chat logs, emails, and more with encrypted secrets.

Docker pulls Quality Gate Status Better Uptime Badge

SaaS

Hemmelig is available at https://hemmelig.app

https://github.com/user-attachments/assets/fb237fdb-d811-4809-9d01-e0bb6e2b50be

How it works

  1. Visit https://hemmelig.app and enter your sensitive information
  2. Configure your secret:
    • Set expiration time
    • Add optional password
    • Set view limits or IP restrictions
  3. Click "Create secret link" to generate a secure URL
  4. Share the generated link with your recipient

The security model works by:

  • Generating a unique encryption key for each secret
  • Performing all encryption in your browser before sending to the server
  • Including the decryption key only in the URL fragment (never stored on server)
  • Server only stores the encrypted data, never the plain text or keys

Example encryption flow:

encryptedData = encrypt(yourSecretData, uniqueEncryptionKey)
// Only encryptedData is sent to server
// uniqueEncryptionKey is only shared via URL

Features

Core Security

  • Client-side encryption for all private content
  • Decryption key stored only in URL fragment, never in database
  • Optional password protection layer
  • IP address restriction capabilities
  • Rate-limited API for abuse prevention

Secret Management

  • Configurable secret lifetime
  • Maximum view count limits
  • Optional encrypted titles
  • Base64 conversion support
  • Rich text formatting with inline image support

File Handling

  • Encrypted file uploads for authenticated users
  • File size and type restrictions

Sharing Options

  • Separate sharing of secret link and decryption key
  • QR code generation for secret links
  • Public paste option:
    • IP address logging for public pastes
    • No file upload support
    • Username-based public paste listing

User Features

  • Extended secret expiration (14 and 28 days)
  • Personal file upload management
  • Secret listing and deletion
  • Account management

Administrative Controls

  • User registration management
  • Read-only mode for non-admin users
  • File upload restrictions
  • User account creation controls
  • Organization email domain restrictions

Deployment Options

  • Self-hosted version available
  • SQLite database with Prisma ORM
  • CLI support for automation
  • Regulatory compliance support

Docker image

Hemmelig strongly advice you to ue the tagged docker images as the main branch will have breaking changes now and then. For Hemmelig versions supporting Redis, use <= v4.4.0.

Supported docker platforms: amd/64, arm/64.

  • hemmeligapp/hemmelig:latest (Is created on each version release)
  • hemmeligapp/hemmelig:v5 (Is created on each version release for the major version)
  • hemmeligapp/hemmelig:v5.19 (Is created on each version release for the major and minor version)
  • hemmeligapp/hemmelig:v5.19.28 see tags for all version
  • hemmeligapp/hemmelig:weekly (pushed every week on Friday)
  • hemmeligapp/hemmelig:daily

Self-hosting

If you have to follow some sort of compliance, and have to self-host, https://hemmelig.app is available as a docker image. The following is the bare minimum to run the docker image.

mkdir -p data/hemmelig database
chown 1000:1000 data/hemmelig database

docker run -p 3000:3000 -d --name=hemmelig \
   -v ./data/hemmelig/:/var/tmp/hemmelig/upload/files \ # For the file uploads
   -v ./database/:/home/node/hemmelig/database/ \       # For the sqlite database
   hemmeligapp/hemmelig:v5.19.4

Alternatively you can use docker compose:

NEW: Sign in with Github and edit the docker-compose.yml here https://www.dockerfile.app/docker-compose/cm2qfl57s00061059n94ruje5

# fetch docker-compose.yml
wget https://raw.githubusercontent.com/HemmeligOrg/Hemmelig.app/main/docker-compose.yml

# create volumes directories
mkdir -p data/hemmelig database

# set permissions (Node user has UID 1000 within the container)
chown 1000:1000 data/hemmelig database

# start hemmelig 
docker compose up -d

# stop containers
docker compose down

Have a look at the Dockerfile for a full example of how to run this application.

CLI

Hemmelig can be used as a CLI to create secrets on the fly!

# Pipe data to hemmelig
cat mysecretfile | npx hemmelig

# For the documentaiton
npx hemmelig --help

Environment variables

ENV vars Description Default
SECRET_LOCAL_HOSTNAME The local hostname for the fastify instance 0.0.0.0
SECRET_PORT The port number for the fastify instance 3000
SECRET_HOST Used for i.e. set cors/cookies to your domain name ""
SECRET_MAX_TEXT_SIZE The max text size for the secret. Is set in kb. i.e. 256 for 256kb. 256
SECRET_JWT_SECRET Override this for the secret signin JWT tokens for log in good_luck_have_fun
SECRET_ROOT_USER Override this for the root account username groot
SECRET_ROOT_PASSWORD This is the root password, override it with your own password iamgroot
SECRET_ROOT_EMAIL This is the root email, override it with your own email [email protected]
SECRET_FILE_SIZE Set the total allowed upload file size in mb. 4
SECRET_FORCED_LANGUAGE Set the default language for the application. en
SECRET_UPLOAD_RESTRICTION Set the restriction for uploads to signed in users "true"
SECRET_RATE_LIMIT_MAX The maximum allowed requests each time frame 1000
SECRET_RATE_LIMIT_TIME_WINDOW The time window for the requests before being rate limited in seconds 60
SECRET_DO_SPACES_ENDPOINT The Digital Ocean Spaces/AWS s3 endpoint ""
SECRET_DO_SPACES_KEY The Digital Ocean Spaces/AWS s3 key ""
SECRET_DO_SPACES_SECRET The Digital Ocean Spaces/AWS s3 secret ""
SECRET_DO_SPACES_BUCKET The Digital Ocean Spaces/AWS s3 bucket name ""
SECRET_DO_SPACES_FOLDER The Digital Ocean Spaces/AWS s3 folder for the uploaded files ""
SECRET_AWS_S3_REGION The Digital AWS s3 region ""
SECRET_AWS_S3_KEY The Digital AWS s3 key ""
SECRET_AWS_S3_SECRET The Digital AWS s3 secret ""
SECRET_AWS_S3_BUCKET The Digital AWS s3 bucket name ""
SECRET_AWS_S3_FOLDER The Digital AWS s3 folder for the uploaded files ""

Supported languages

Have a look at the public/locales/ folder.

Run locally

npm install

# Start the frontend/backend
npm run dev
# http://0.0.0.0:3001

Database

Hemmelig has changed from using Redis as an backend to sqlite. Here we are using Prisma, and the sqlite file is available here: /database/hemmelig.db. Have a look at the docker-compose.yml file for how to handle the database.

Admin, roles and settings

Admins have access to adjust certain settings in Hemmelig. If you go to the account -> instance settings, you can see all the settings.

We also have different roles.

  • Admin
  • Creator
  • User

The difference here is that if you i.e. set Hemmelig to be in read only mode, only admin and creator is allowed to create secrets, but non signed in users, and users with the role user can only view them.

Admins are also allowed to create new users in the settings. This is great if you want to limit who your users are by the disable user account creation setting.

My lovely contributors

Contribution

Feel free to contribute to this repository. Have a look at CONTRIBUTION.md for the guidelines.

Common errors

If this errors occur on the first run of your hemmelig instance, this means there are some issues with the ownership of the files/directory for the database.

Datasource "db": SQLite database "hemmelig.db" at "file:../database/hemmelig.db"

Error: Migration engine error:
SQLite database error
unable to open database file: ../database/hemmelig.db

If you have any issues with uploading files for your instance, you will need the following as well:

Here is an example of how you would solve that:

sudo chown -R username.group /home/username/data/
sudo chown -R username.group /home/username/database/

Articles
to learn more about the open-source concepts.

Resources
which are currently available to browse on.

mail [email protected] to add your project or resources here 🔥.

FAQ's
to know more about the topic.

mail [email protected] to add your project or resources here 🔥.

Queries
or most google FAQ's about Open-Source.

mail [email protected] to add more queries here 🔍.

More Sites
to check out once you're finished browsing here.

0x3d
https://www.0x3d.site/
0x3d is designed for aggregating information.
NodeJS
https://nodejs.0x3d.site/
NodeJS Online Directory
Cross Platform
https://cross-platform.0x3d.site/
Cross Platform Online Directory
Open Source
https://open-source.0x3d.site/
Open Source Online Directory
Analytics
https://analytics.0x3d.site/
Analytics Online Directory
JavaScript
https://javascript.0x3d.site/
JavaScript Online Directory
GoLang
https://golang.0x3d.site/
GoLang Online Directory
Python
https://python.0x3d.site/
Python Online Directory
Swift
https://swift.0x3d.site/
Swift Online Directory
Rust
https://rust.0x3d.site/
Rust Online Directory
Scala
https://scala.0x3d.site/
Scala Online Directory
Ruby
https://ruby.0x3d.site/
Ruby Online Directory
Clojure
https://clojure.0x3d.site/
Clojure Online Directory
Elixir
https://elixir.0x3d.site/
Elixir Online Directory
Elm
https://elm.0x3d.site/
Elm Online Directory
Lua
https://lua.0x3d.site/
Lua Online Directory
C Programming
https://c-programming.0x3d.site/
C Programming Online Directory
C++ Programming
https://cpp-programming.0x3d.site/
C++ Programming Online Directory
R Programming
https://r-programming.0x3d.site/
R Programming Online Directory
Perl
https://perl.0x3d.site/
Perl Online Directory
Java
https://java.0x3d.site/
Java Online Directory
Kotlin
https://kotlin.0x3d.site/
Kotlin Online Directory
PHP
https://php.0x3d.site/
PHP Online Directory
React JS
https://react.0x3d.site/
React JS Online Directory
Angular
https://angular.0x3d.site/
Angular JS Online Directory