HN Showcase
Back to browse
GitHub Repository

Zero-knowledge one-time secret sharing. End-to-end encrypted, self-hosted, open source.

29 starsHTML

1time – Zero-knowledge secret sharing with E2E encryption

by shingrus·Mar 25, 2026·1 point·0 comments
Visit ProjectView on HN

AI Analysis

MidCozy

Eight years of maintenance but privnote and 1Password already solve this.

Strengths
  • HKDF-SHA256 key derivation with separate encryption and auth keys shows crypto care.
  • Four-line Docker Compose makes self-hosting actually feasible for teams.
  • CLI pipes secrets directly from terminal into DevOps workflows.
Weaknesses
  • Zero-knowledge secret sharing is solved—privnote, 1Password, and Bitwarden all do this.
  • No meaningful differentiation beyond being open source and self-hostable.
Category
Security
Target Audience

Developers and teams needing to share credentials securely

Similar To

Privnote · 1Password Secret Sharing · Bitwarden Send

Post Description

I started this 8 years ago to learn Go. The idea was simple: a secret sharing tool where you don't have to trust the server at all.

Secrets are encrypted in your browser (AES-256-GCM) before anything leaves your device. The key lives in the URL fragment (#), which browsers never send to the server. Key derivation uses HKDF-SHA256 with separate keys for encryption and auth.

No tracking, no cookies, no accounts. Open source (MIT). Runs on a $10 VPS — Go stdlib, Redis, static Next.js.

CLI included: printf 'db_password' | 1time send Self-hosting: 4-line Docker Compose (amd64 + arm64).

Would love feedback on the crypto approach and UX.

Live: https://1time.io | Source: https://github.com/shingrus/1time

Similar Projects