Share a secret. It self-destructs after being read. No trace. No server-side keys.
A newer version of share-secret-v1
| | Feature | Details |
|---|---|---|
| 🔑 | Zero-Knowledge Architecture | Secrets are encrypted entirely in the browser. The server never sees plaintext. |
| 🛡️ | AES-GCM-256 Encryption | Authenticated encryption, so any server-side tampering with the stored ciphertext makes decryption fail. |
| 🧠 | PBKDF2 Key Derivation | 10,000-iteration SHA-256 hardening against GPU brute-force attacks. |
| 📦 | Web Crypto API — Zero Dependencies | All cryptography uses the browser's built-in, hardware-accelerated engine. No third-party crypto libraries. |
| ⏳ | One-Time Self-Destructing Links | The secret is permanently deleted from the database the instant it is viewed. |
| 🔗 | Customizable URL Length | Choose from 8, 16, 24, or 32 character links. |
| 📲 | QR Code Generation | Every secret link is instantly rendered as a scannable QR code. |
| 🐳 | Production-Ready Docker Stack | Multi-stage build — Apache + PHP 8.2 + MySQL 8.0, fully containerized. |
```
[ Secret Text ] + [ Optional Password ]
        │
        ▼  PBKDF2 (10,000 iterations) + AES-GCM-256 — runs only in the browser
[ Encrypted Ciphertext ]
        │
        ▼  Sent over HTTPS to the server
[ Stored encrypted in MySQL ]
        │
        ▼  Recipient opens the unique link
[ Server returns ciphertext, then immediately DELETES the record ]
        │
        ▼  Browser decrypts locally using the key from the URL
[ Plaintext — visible only to the recipient ]
```
This project is fully containerized with a multi-stage Docker build. The React frontend is compiled in an isolated Node.js builder stage and the output is embedded into the final PHP/Apache image — no Node.js runtime in production.
- Docker & Docker Compose installed
```bash
git clone https://github.com/alienars/scrt.git
cd scrt
docker compose up -d --build
```

Open your browser and visit http://localhost:8080 ✅
First run: MySQL takes ~15 seconds to initialize on first startup. If you see a connection error, wait a moment and refresh the page.
Configure the stack by editing the environment section in docker-compose.yml:
| Variable | Description | Default |
|---|---|---|
| `DB_HOST` | MySQL service hostname | `db` |
| `DB_NAME` | MySQL database name | `scrt` |
| `DB_USER` | MySQL username | `scrt_user` |
| `DB_PASS` | MySQL password | `scrt_password` |
| `ALLOWED_ORIGINS` | Comma-separated allowed CORS origins | `http://localhost:8080,http://localhost:3000` |
| `WEBSITE_URL` | Base URL for generated secret links | `http://localhost:8080/?u=` |
⚠️ For production, change all default passwords and set `ALLOWED_ORIGINS` and `WEBSITE_URL` to your actual domain.
```
┌────────────────────────────────────────────────┐
│         Docker Network (scrt_network)          │
│                                                │
│  ┌─────────────────────┐    ┌──────────────┐   │
│  │  scrt_web           │    │  scrt_db     │   │
│  │  PHP 8.2 + Apache   │◄──►│  MySQL 8.0   │   │
│  │  React 19 (dist/)   │    │  (db_data)   │   │
│  │  port 80            │    │  port 3306   │   │
│  └─────────────────────┘    └──────────────┘   │
│             │                                  │
└─────────────┼──────────────────────────────────┘
              │ :8080
           Browser
```
| Detail | Description |
|---|---|
| Multi-stage build | Node 20 Alpine compiles React; output is copied into the PHP/Apache image. No Node.js in production. |
| Persistent volume | db_data retains all data across container restarts and full rebuilds. |
| Auto schema init | init.sql is executed once by MySQL on the very first container launch. |
| URL rewriting | Apache mod_rewrite handles SPA client-side routing. |
| Layer | Technologies |
|---|---|
| Frontend | React 19 · TypeScript 5 · Vite 6 · Tailwind CSS v4 · React Hook Form · Yup |
| Testing | Vitest · Cypress |
| Backend | PHP 8.2 · PDO · Apache 2 · mod_rewrite |
| Security | Web Crypto API · AES-GCM-256 · PBKDF2-SHA256 · Parameterized SQL |
| Infrastructure | Docker · Docker Compose · MySQL 8.0 · Multi-stage Build |
Developed and designed by RA8.ir

