Skip to content

Hemmelig.app

Secrets & Credentials

A web app for securely sharing encrypted secrets with client‑side AES‑256‑GCM encryption, self‑destruct timers, and optional password/IP protection.

Track releases GitHub Website
TypeScript Latest v7.4.8 · 2mo ago Security brief →

Features

  • Client-side AES-256-GCM encryption
  • Self-destructing secrets with expiration and view limits
  • Optional password and IP restrictions for added security

Recent releases

View all 7 releases →
v7.4.7 Security relevant
Breaking changes
  • File uploads restricted to registered users only
Security fixes
  • Fixed dependabot security alerts
  • Added CSP header for XSS protection
  • ID parameter validation enforced
Notable features
  • CSP header implementation
  • Rate limiter dynamic reconfiguration
View release on GitHub
v7.4.4 Maintenance

Improved Dutch localization and removed outdated managed hosting references from documentation.

View release on GitHub
v7.4.3 Security relevant
Security fixes
  • Constant-time comparison prevents timing attacks
  • Buffer padding for cryptographic operations
Notable features
  • OAuth in Helm Chart
  • Constant-time comparison for buffers
  • Startup warning for default HMAC
View release on GitHub
cli-v1.0.2 New feature
Notable features
  • Cross-platform CLI support
  • Self-destructing encrypted secrets
View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
1,213
Forks
100
Languages
TypeScript JavaScript Go
Downloads/week
21 ↓9%
NPM Maintainers
1
Contributors
42
TypeScript
Types included ✓
View on GitHub View on npm Homepage Live demo

Install & Platforms

Install via
docker shell-script npm

Similar tools

Shhh
Themis
PasswordPusher
GlobaLeaks
aliasvault

Beta — feedback welcome: [email protected]