Share secrets such as passwords, API keys, and SSL certificates simply and securely.
Your secret is yours to keep and share
TopSekr.it uses state-of-the-art encryption to keep your data safe AND we don't store keys or unencrypted secrets in our database.
It works fast and is conveniently forgetful
TopSekr.it doesn't store the encrypted data longer than absolutely necessary. As soon as your recipient reads the secret, even the encrypted data is permanently deleted from our servers.
It's simple & efficient
All you need is a valid email. No new passwords to remember, no accounts to worry about.
We'll never use this email for anything other than sending secrets requested by you.
This confirms your email is who you say you are so you can then send secrets to other people.
You add the secret, ensure the recipient is correct, any comments and also set when your secret should expire.
Once they view the secret, all sensitive data is deleted from our servers. We keep a log of senders-recipients but not the secrets themselves.
Shhh! It's a secret!
Your private data is encrypted with a salt and IV using the aes-256-cbc algorithm. Only the encrypted secret is stored and the key is emailed to your receipient within the link they need to click to read it. We don't store the key on our servers, so once sent, that's it, you, us, anyone except the person recieving the email can not decrypt the secret.
Also, if the secret isn’t read before the provided expiry time the encrypted version is also automatically deleted.
Nice and simple. We like it that way :)
Why is this useful?
Instead of secrets being sent by email, in support systems, via instant messaging services or the like, a unique link is sent instead, which only works once.
This way, only an unusable link will remain protecting the secret from further prying eyes.
Why should we trust you?
We built this service to solve our own problem of sharing secrets with customers. We know trust is a thing, so we open sourced the whole project for any peer review.
If you find something, please let us know or send a pull request and we'll get it fixed.
Are secrets stored?
Yes, but encrypted with a one way cipher that we don't have the key for. The key is only sent to the receipient you specify.
Once the secret is read by the recipient, we even delete the encrypted version from the database, just leaving the meta data behind so in future versions you can have a dashboard to see what you sent to whom (comming soon).
How much does this cost?
It's free for you to use to send secrets to whomever you want - we just ask that you don't do anything that could be against the law or harrass anyone with this service.
We might introduce a paid version to allow other things (like history) or sending larger files and the like, but all of that is still being worked out, for now, enjoy :)
Can we run our own copy?
Of course, we just ask you don't compete with this service in doing so by only use it internally for your staff and clients.
We trust you to do the right thing :)
TopSekr.it is available for anyone to use, it is a Ruby on Rails application created and built by reinteractive and hosted thorugh reinteractive's OpsCare service. It has been made open source to ensure transparency on the service and to encourage contribution to improve the security of the application.
It is free to use and is governed by our Terms and Conditions.
If you do not want to (or can not) use our hosted version, you are welcome to run your own version for your own company or organisation, we only stipulate that you may not run it as a service for third parties in competition to https://TopSekr.it/
If you would like assistance getting TopSekr.it (or any other Rails application) setup, hosted and maintained on AWS, please consider contacting us to get more information about our Ruby on Rails OpsCare and CodeCare services.