Skip to content

One Time Secret

Secrets & Credentials

A service that creates self‑destructing one‑time links for securely sharing passwords and other sensitive data without persisting them in email or chat.

Track releases GitHub Website
Ruby Latest v0.25.6 · 1d ago Security brief →

Features

  • Generates single‑use URLs that automatically expire after being viewed
  • Supports both bare‑metal (Ruby, Redis, Node.js) and containerized deployments via Docker/Docker Compose
  • Configurable authentication modes – simple Redis‑based or full SQL/MFA/WebAuthn setup
  • Email delivery via SMTP, SES, SendGrid or other providers
  • Live demo available at https://ca.onetimesecret.com/

Recent releases

View all 32 releases →
Review required
v0.25.6 Breaking risk
Auth RBAC Breaking upgrade

ADR-012 retry, billing refactor, manage_org rename

Open
Config change
v0.25.5-coda Breaking risk
Breaking upgrade Auth

Config checks + IP fix

Open
No immediate action
v0.25.4 New feature

--force flag + base plan entries

Open
Review required
v0.25.3 Breaking risk
Dependencies

Coupon CLI + region refactor + billing schema migration

Open
v0.25.2 Bug fix
Notable features
  • TTL entitlement gate for extended secret expiration
  • Toggle for domain verification requirement on custom domains
Full changelog

What's Changed

  • Reply-To submitter on authenticated feedback + length UX in https://github.com/onetimesecret/onetimesecret/pull/3077
  • Add TTL entitlement gate for extended secret expiration (#3074) in https://github.com/onetimesecret/onetimesecret/pull/3081
  • Add domain verification requirement toggle for custom domains in https://github.com/onetimesecret/onetimesecret/pull/3082
  • Fix domain permission validation to use Forbidden instead of FormError in https://github.com/onetimesecret/onetimesecret/pull/3078
  • Fix account settings tabs missing until refresh after login in https://github.com/onetimesecret/onetimesecret/pull/3084
  • Fix Colonel users list and normalize verified field in https://github.com/onetimesecret/onetimesecret/pull/3079
  • Fix domain status staleness tracking with atomic persistence (issue #3080) in https://github.com/onetimesecret/onetimesecret/pull/3085

Dependencies

  • Update dependency vite to ^8.0.6 by @renovate[bot] in https://github.com/onetimesecret/onetimesecret/pull/3035
  • Update dependency rubocop to v1.86.1 - autoclosed by @renovate[bot] in https://github.com/onetimesecret/onetimesecret/pull/3034
  • Bump net-imap from 0.6.3 to 0.6.4 in the bundler group across 1 directory by @dependabot[bot] in https://github.com/onetimesecret/onetimesecret/pull/3071

Full Changelog: https://github.com/onetimesecret/onetimesecret/compare/v0.25.1...v0.25.2

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
2,823
Forks
441
Languages
Ruby TypeScript Vue
View on GitHub Homepage Live demo Documentation

Install & Platforms

Install via
docker docker-compose

Similar tools

ots
Yopass
PasswordPusher
Zero-TOTP
Shhh

Beta — feedback welcome: [email protected]