theCalcaholic / nextcloud-secrets

The secrets app allows Nextcloud users to securely transmit e2e encrypted secrets (like passwords) to anyone
GNU Affero General Public License v3.0
21 stars 6 forks source link
nextcloud nextcloud-app nextcloud-apps secret-sharing

Secrets

Securely share data with anyone. All data is end-to-end encrypted by the user and will be deleted once retrieved successfully

More Screenshots

Get it from the Nextcloud app store

Sharing

Secrets allows users to generate share links for text based data (e.g. passwords, CSV lists, bank accounts...) that can be sent to anyone (including receivers without a Nextcloud account) for retrieval. The data itself will be end-to-end encrypted (so not even Nextcloud can access it) and the encryption key will be part of the share link (the anchor part) - but never be actually sent to the server. Once retrieved, the secret will be deleted from the server, ensuring, that if it arrived at the correct receiver it has been seen by nobody else.

Cli

Starting with version 2.0.0, Secrets offers a command line tool that allows the creation and retrieval of secrets without a web browser. It's available from the github releases.

Usage

Usage: nc-secrets [options] [command]

cli for https://apps.nextcloud.com/apps/secrets

Options:
  -k, --insecure                                         Disable SSL certificate validation (FOR TESTING ONLY)
  -h, --help                                             display help for command

Commands:
  create [options] <nextcloud-url> <user> <secret-file>  Create a new secret
  retrieve [options] <secret-url>                        Retrieve a secret and print it to stdout
  info <nextcloud-url>                                     Get information about a Nextcloud Secrets API
  help [command]                                         display help for command

More details here.

OCS-API

Starting with version 2.0.0, Secrets provides an OCS-API (that's also used by the Secrets CLI). It's specification can be found here;

However, all of the encryption is not part of the API, but is solved in the client (since Secrets uses solely end-to-end encryption). So take care when using the OCS-API directly. You can find the implementation of Secrets' client cryptography here

Development

Building the app

The app can be built by using the provided Makefile by running:

make

This requires the following things to be present:

The make command will install or update Composer dependencies and also npm run build.

Publish to App Store

First get an account for the App Store then run:

make && make appstore

The archive is located in build/artifacts/appstore and can then be uploaded to the App Store.

Running tests

You can use the provided Makefile to run all tests by using:

make test

This will run the PHP unit and integration tests and if a package.json is present in the js/ folder will execute npm run test

Of course you can also install PHPUnit and use the configurations directly:

phpunit -c phpunit.xml

or:

phpunit -c phpunit.integration.xml

for integration tests

Generating OpenAPI specification

This command will generate a file namd openapi.json which contains the documentation for the app's API endpoints.

compose exec generate-spec

This command is not included in make, due to this bug with Nextcloud's openapi-extractor and therefore needs to be run manually before release.