Building Better Teams


one-time-secret

You need to share some secret information with someone. It might be the password to your hosting environment, or some other critical bit of information you want to be sure only one person will ever receive. Most message systems like chat or email will store the data in a database (or even index it for searching). You shouldn’t really trust third-party software in this case either, as it is routinely hacked.

I was looking for a simple bit of software I could launch in minutes that was uncomplicated, and something I could trust. There are a lot of options, but they either store my secrets in some way I can’t fully trust, or they offer lots of features and come with a massive framework so complex I can’t understand if the code is secure or not.

I wanted to fix this, so I created a simple Node.js application that will only store values in-memory, and all the code could be understood within an hour.

Incognito/One-Time-Secret was designed with these features in mind:

  • Easy self-hosting of secrets

  • Easily read and understood code

  • Limited dependencies

  • Easily modified when needed

  • Fully tested

I built in the following failure modes to keep secrets safe:

  • Total data loss on server crash

  • Secret variables are over-written in memory before deletion

  • Secret data expires and is removed automatically when it is not accessed in time
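
A minimal sketch of the behaviours listed above: in-memory storage, read-once retrieval, overwrite before deletion, and automatic expiry. This is an added example, not code from the Incognito/One-Time-Secret project; the class name `OneTimeStore`, its methods and the injectable `now` clock are assumptions made for illustration.

```javascript
// Added example; not the Incognito/One-Time-Secret source code.
const { randomBytes } = require('node:crypto');

class OneTimeStore {
  // `now` is injectable so expiry can be tested without waiting (assumption).
  constructor({ ttlMs = 60000, now = Date.now } = {}) {
    this.ttlMs = ttlMs;
    this.now = now;
    this.items = new Map(); // id -> { buf, expiresAt }; lost on process exit
  }

  put(secret) {
    const id = randomBytes(16).toString('hex'); // unguessable 128-bit id
    // Hold the secret in a Buffer: unlike a JS string, it can be overwritten.
    const buf = Buffer.from(secret, 'utf8');
    this.items.set(id, { buf, expiresAt: this.now() + this.ttlMs });
    return id;
  }

  // Returns the secret exactly once, then wipes it.
  // Returns null if the id is unknown, already read, or expired.
  take(id) {
    const item = this.items.get(id);
    if (!item) return null;
    this.items.delete(id); // drop the entry before handing anything out
    const expired = this.now() >= item.expiresAt;
    // The returned string is immutable and cannot be wiped; only the
    // stored copy is under our control.
    const value = expired ? null : item.buf.toString('utf8');
    item.buf.fill(0); // overwrite before the memory is released
    return value;
  }

  // Call periodically (for example from setInterval) to wipe unread secrets.
  sweep() {
    let removed = 0;
    for (const [id, item] of this.items) {
      if (this.now() >= item.expiresAt) {
        item.buf.fill(0);
        this.items.delete(id);
        removed++;
      }
    }
    return removed;
  }
}
```

The zero-fill only covers the stored `Buffer`; copies made by the HTTP layer or the garbage collector are outside its reach, so it reduces exposure rather than eliminating it.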

If this seems like something you could use, feel free to test out Incognito/One-Time-Secret.

There’s also a detailed wiki on GitHub that lists alternatives if you are looking for another solution.

Brian Graham