Yopass

Self-Hosted

Secure, one‑time secret sharing

Overview

Yopass is a lightweight, self‑hosted pastebin designed explicitly for the secure exchange of secrets. From a technical standpoint it operates as a **stateless HTTP service** that receives an encrypted payload from the client, stores it in a temporary database, and returns a one‑time URL that expires after a configurable duration. The encryption is performed entirely in the browser using **OpenPGP.js**, ensuring that the server never sees plaintext secrets. This guarantees that even a compromised backend cannot recover stored data, aligning with the zero‑knowledge design principle.

Key Features

  • End‑to‑end encryption – Client‑side OpenPGP keys are generated on the fly; the server stores only ciphertext and a random UUID.
  • One‑time access – Each secret can be downloaded once; subsequent requests are rejected with a 410 Gone status.
  • Configurable expiry – Secrets self‑destruct after 1h, 1d, or 1w by default, but can be overridden via the CLI or API.
  • Optional password protection – Users may supply a passphrase that is hashed and stored alongside the ciphertext for an additional layer of security.
  • Minimalistic API – POST /api/v1/secret accepts application/octet-stream; GET /s/:uuid returns the encrypted blob.
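The one‑time and expiry rules above only hold if reading a secret and deleting it happen as a single atomic step; otherwise two concurrent GETs can both receive the ciphertext. The sketch below is an added example, not Yopass's own code: memStore, secret, Consume and fetch are hypothetical names, an in‑memory map stands in for the database, and unknown IDs also get 410 because a consumed record leaves no trace.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
	"time"
)

// secret is one stored row: ciphertext plus expires_at (constructed model).
type secret struct{ payload []byte; expiresAt time.Time }
// memStore is a hypothetical in-memory stand-in for the secrets table.
type memStore struct{ mu sync.Mutex; m map[string]secret }

// Consume reads and deletes under one lock, so only one caller can ever win.
func (s *memStore) Consume(id string, now time.Time) ([]byte, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	sec, ok := s.m[id]
	delete(s.m, id) // an expired entry is purged on first touch as well
	if ok && now.Before(sec.expiresAt) {
		return sec.payload, true
	}
	return nil, false
}

// handler serves GET /s/<uuid>; used, expired or unknown IDs get 410 Gone.
func handler(s *memStore) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if data, ok := s.Consume(strings.TrimPrefix(r.URL.Path, "/s/"), time.Now()); ok {
			w.Write(data)
			return
		}
		http.Error(w, "gone", http.StatusGone)
	})
}

// fetch runs one in-process GET against h and returns the status code.
func fetch(h http.Handler, path string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", path, nil))
	return rec.Code
}

func main() {
	h := handler(&memStore{m: map[string]secret{"demo": {[]byte("constructed ciphertext"), time.Now().Add(time.Hour)}}})
	fmt.Println(fetch(h, "/s/demo"), fetch(h, "/s/demo")) // 200 410
}
```

With a SQL backend the same guarantee needs a single statement or transaction that selects and deletes the row together, not a SELECT followed by a separate DELETE.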

Technical Stack

  • Language & Runtime – Go 1.20+; the entire server is a single binary with no external dependencies.
  • Web Framework – The standard library net/http with a small router (gorilla/mux) for routing and middleware.
  • Storage – An embedded SQLite database (modernc.org/sqlite) is used for persistence; the schema contains only a uuid, payload, expires_at, and optional password_hash.
  • Encryption – Client‑side OpenPGP.js (JavaScript) for browser encryption; the server merely persists the resulting ASCII-armored string.
  • Testing & CI – Go’s built‑in testing framework, with coverage reports on Codecov and a continuous integration pipeline on GitHub Actions.

Architecture

┌──────────────────────────┐
│  Browser (OpenPGP.js)    │
│  Encrypt                 │
└────────────┬─────────────┘
             │  POST /api/v1/secret
             ▼
┌──────────────────────────┐
│  Store (SQLite)          │
└────────────┬─────────────┘
             │  GET /s/:uuid
             ▼
┌──────────────────────────┐
│  Decrypt (client)        │
└──────────────────────────┘

The service exposes a minimal REST API; all business logic is handled in Go, while the heavy lifting of encryption/decryption remains on the client. This separation keeps the server stateless and simplifies scaling: any number of identical instances can share a common SQLite file or be replaced with a more robust database if needed.

Core Capabilities

  • CLI Integration – The yopass binary supports flags for encryption, decryption, file uploads, and custom expiration. It can be scripted into CI pipelines or integrated with terminal tools like fzf.
  • API – The /api/v1/secret endpoint accepts raw data and returns a JSON payload containing the UUID, expiry timestamp, and optionally a password hash. The /s/:uuid endpoint serves the ciphertext directly.
  • Webhooks – While not built‑in, developers can hook into the deletion lifecycle by monitoring the SQLite expires_at column or exposing a custom endpoint that triggers on expiry.
  • Extensibility – The codebase is modular; adding a new storage backend (e.g., Redis, Postgres) requires only implementing the Store interface. Plugin hooks can be added via Go’s plugin system for advanced use cases.

Deployment & Infrastructure

  • Self‑Hosting – A single binary can be deployed on any Linux, macOS, or Windows host. No external services are required beyond a web server (Nginx/Traefik) to handle TLS termination.
  • Containerization – Official Docker images are available; the container exposes port 8080 and mounts a volume for persistent storage. Kubernetes deployments can use stateful sets with PersistentVolumeClaims.
  • Scalability – Because the server is stateless, horizontal scaling is trivial. Multiple instances can share a common SQLite file via NFS or switch to a shared database for larger deployments.
  • Resource Footprint – Under typical load (≈10 k secrets/day) the binary consumes <50 MiB RAM and <1 % CPU, making it suitable for lightweight edge deployments.

Integration & Extensibility

  • Custom Domains – The CLI accepts a --url flag, allowing you to expose Yopass behind any domain or reverse proxy.
  • Authentication – Since the service is intentionally “dumb”, adding authentication (JWT, OAuth) is a matter of wrapping the API with middleware.
  • File Uploads – Limited support for small files (≤1 MB) is built‑in; developers can extend this to larger payloads by adjusting the SQLite blob size or switching to an object store.

Information

  • Category – other
  • License – APACHE-2.0
  • Stars – 2.4k
  • Pricing – Open Source
  • Docker – None
  • Supported OS – Linux, Docker
  • Author – jhaals
  • Last Updated – 1 day ago