How it works
`hushhh` is a simple and secure tool designed for sharing sensitive information with a unique one-time access policy. Here's a quick overview of how it ensures your secrets remain confidential:
1. Create Your Secret
Simply paste your sensitive content into the provided text area on the homepage. You can then choose an expiration time for your secret (e.g., 1 hour, 24 hours, 7 days, or 1 month).
2. End-to-End Encryption (E2EE)
By default, your secrets are encrypted directly in your browser before being sent to our server. This means the server never sees your unencrypted data. The decryption key is appended to the URL fragment, ensuring that only the recipient with the full URL can decrypt and view the secret in their browser. (Note: E2EE is disabled if cURL support is enabled for a secret).
3. One-Time Access
Once a secret is retrieved, either through the web interface or via the API, it is immediately and permanently deleted from our storage. This guarantees that the secret can only be viewed once, enhancing its security.
4. View Confirmation
To prevent accidental consumption, when accessing a secret URL, you'll be presented with a confirmation screen. You must explicitly click "View Secret" to reveal its content and trigger its deletion.
5. API Access
For programmatic access, you can retrieve secrets using a simple HTTP GET request. A `?raw=true` query parameter allows you to get just the secret content. There's also an API endpoint to check if a secret exists without consuming it.