A REST API for storing and sharing secrets via one-time URLs. Secrets expire after a configurable number of views or a TTL, and are stored encrypted at rest.
go build -o secretserver
ENCRYPTION_KEY=your-key ./secretserverServer listens on :8080. MongoDB defaults to localhost:27017.
docker-compose up --buildStarts the app and a MongoDB instance together.
| Variable | Default | Description |
|---|---|---|
ENCRYPTION_KEY |
default-key-change-in-production!! |
AES-256-GCM encryption key |
MONGO_URI |
mongodb://localhost:27017 |
MongoDB connection URI |
Full spec: swagger.yaml
POST /secret
Content-Type: application/x-www-form-urlencoded
secret=<text>&expireAfterViews=<int>&expireAfter=<minutes>
expireAfterViews— must be greater than 0; secret is deleted after this many readsexpireAfter— minutes until expiry;0means never expires
Returns the created secret with its hash.
GET /secret/:hash
Returns the secret as JSON and decrements the remaining view count. The secret is permanently deleted when the last view is consumed or the TTL has passed. Returns 404 if not found or expired.
GET /metrics
Returns per-endpoint request counts and average latency (ms):
{
"GET /secret/:hash": { "requests": 10, "avg_latency_ms": 2.4 },
"POST /secret": { "requests": 5, "avg_latency_ms": 8.1 }
}go test ./...Tests cover AES-256-GCM encryption/decryption (internal/crypto), request metrics tracking (internal/metrics), and hash generation (secret).
main.go
├── external/mongodb/ — MongoDB singleton; URI from MONGO_URI env var
├── internal/crypto/ — AES-256-GCM encrypt/decrypt; key from ENCRYPTION_KEY
├── internal/metrics/ — in-memory request counter + latency tracker
├── server/ — Echo HTTP server, middleware wiring, route registration
└── secret/ — handlers, model (Secret + DoHash), repository
Secrets are encrypted before insertion and decrypted on retrieval. Each secret carries a cryptographically random 128-bit hex hash as its identifier.