No description
Find a file
Lauri Lubi 1ac262e34e Bots that prefetch should not destroy the secret (#100)
* Create preview view, remove sneaky-user-agents logic

* unit tests

* rename openSecret to viewSecret

* code clean-up and style

* rename view secret to reveal secret

* update authors list

* bump version to 1.5.0
2019-03-05 07:47:07 -08:00
snappass Bots that prefetch should not destroy the secret (#100) 2019-03-05 07:47:07 -08:00
.bumpversion.cfg Bots that prefetch should not destroy the secret (#100) 2019-03-05 07:47:07 -08:00
.dockerignore Add Dockerfile/.dockerignore files 2016-07-18 17:37:54 -04:00
.gitignore Deprecate support for py26 and py34 2018-05-06 12:45:38 -07:00
.travis.yml Only build on the master branch 2018-10-31 11:03:42 -07:00
ADOPTERS.md Add Ookla to adopters 2018-12-21 10:21:28 -08:00
AUTHORS.rst Bots that prefetch should not destroy the secret (#100) 2019-03-05 07:47:07 -08:00
CHANGELOG.rst Prepare the 1.4.1 release 2018-10-31 15:50:49 -07:00
CODE_OF_CONDUCT.md Prepare the 1.4.1 release 2018-10-31 15:50:49 -07:00
CONTRIBUTING.rst Fix reST syntax for fixed-with text 2018-08-12 23:45:49 +02:00
dev-requirements.txt Update all Python requirements to latest stable 2018-07-12 21:23:25 -04:00
docker-compose.yml Use SIGINT to grecefully shutdown flask 2017-05-24 14:02:23 -04:00
Dockerfile Update Docker image to Python 3.7 (current latest) 2018-07-12 21:27:32 -04:00
LICENSE Prepare snappass for distribution. 2013-10-05 23:10:50 -07:00
MANIFEST.in Prepare snappass for distribution. 2013-10-05 23:10:50 -07:00
README.rst README fixes 2019-01-16 08:11:56 -06:00
requirements.txt Upgrade to cryptography 2.3.1 2018-10-31 09:39:18 -07:00
setup.cfg Bots that prefetch should not destroy the secret (#100) 2019-03-05 07:47:07 -08:00
setup.py Bots that prefetch should not destroy the secret (#100) 2019-03-05 07:47:07 -08:00
tests.py Bots that prefetch should not destroy the secret (#100) 2019-03-05 07:47:07 -08:00
tox.ini Update tests to run using Python 3.7 2018-07-12 21:24:27 -04:00

========
SnapPass
========

|pypi| |build|

.. |pypi| image:: https://img.shields.io/pypi/v/snappass.svg
    :target: https://pypi.python.org/pypi/snappass
    :alt: Latest version released on PyPI

.. |build| image:: https://travis-ci.org/pinterest/snappass.svg
    :target: http://travis-ci.org/pinterest/snappass
    :alt: Build status

It's like SnapChat... for passwords.

This is a web app that lets you share passwords securely.

Let's say you have a password.  You want to give it to your coworker, Jane.
You could email it to her, but then it's in her email, which might be backed up,
and probably is in some storage device controlled by the NSA.

You could send it to her over chat, but chances are Jane logs all her messages
because she uses Google Hangouts Chat, and Google Hangouts Chat might log everything.

You could write it down, but you can't find a pen, and there's way too many
characters because your security person, Paul, is paranoid.

So we built SnapPass.  It's not that complicated, it does one thing.  If
Jane gets a link to the password and never looks at it, the password goes away.
If the NSA gets a hold of the link, and they look at the password... well they
have the password.  Also, Jane can't get the password, but now Jane knows that
not only is someone looking in her email, they are clicking on links.

Anyway, this took us very little time to write, but we figure we'd save you the
trouble of writing it yourself, because maybe you are busy and have other things
to do.  Enjoy.

Security
--------

Passwords are encrypted using `Fernet`_ symmetric encryption, from the `cryptography`_ library.
A random unique key is generated for each password, and is never stored;
it is rather sent as part of the password link.
This means that even if someone has access to the Redis store, the passwords are still safe.

.. _Fernet: https://cryptography.io/en/latest/fernet/
.. _cryptography: https://cryptography.io/en/latest/

Requirements
------------

* Redis
* Python 2.7+ or 3.4+ (both included)

Installation
------------

::

    $ pip install snappass
    $ snappass
    * Running on http://0.0.0.0:5000/
    * Restarting with reloader

Configuration
-------------

You can configure the following via environment variables.

``SECRET_KEY``: unique key that's used to sign key. This should
be kept secret.  See the `Flask Documentation`__ for more information.

.. __: http://flask.pocoo.org/docs/quickstart/#sessions

``DEBUG``: to run Flask web server in debug mode.  See the `Flask Documentation`__ for more information.

.. __: http://flask.pocoo.org/docs/quickstart/#debug-mode

``STATIC_URL``: this should be the location of your static assets.  You might not
need to change this.

``NO_SSL``: if you are not using SSL.

``REDIS_HOST``: this should be set by Redis, but you can override it if you want. Defaults to ``"localhost"``

``REDIS_PORT``: is the port redis is serving on, defaults to 6379

``SNAPPASS_REDIS_DB``: is the database that you want to use on this redis server. Defaults to db 0

``REDIS_URL``: (optional) will be used instead of ``REDIS_HOST``, ``REDIS_PORT``, and ``SNAPPASS_REDIS_DB`` to configure the Redis client object. For example: redis://username:password@localhost:6379/0

``REDIS_PREFIX``: (optional, defaults to ``"snappass"``) prefix used on redis keys to prevent collisions with other potential clients

Docker
------

Alternatively, you can use `Docker`_ and `Docker Compose`_ to install and run SnapPass:

.. _Docker: https://www.docker.com/
.. _Docker Compose: https://docs.docker.com/compose/

::

    $ docker-compose up -d

This will pull all dependencies, i.e. Redis and appropriate Python version (3.7), then start up SnapPass and Redis server. SnapPass server is accessible at: http://localhost:5000

We're Hiring!
-------------

Are you really excited about open-source and great software engineering?
Pinterest is `hiring`__!

.. __: https://careers.pinterest.com