Skip to content
/ subtle.sh Public

E2E encrypted ephemeral messaging app. Share secrets securely without setup. Built with Next.js, Soketi, and OpenPGP.js. Self-hostable.

subtle.sh

License

MIT license
11 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ivstiv/subtle.sh

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
.github/workflows
.github/workflows
 
 
.vscode
.vscode
 
 
app
app
 
 
components
components
 
 
config
config
 
 
data
data
 
 
docs/self-host-soketi
docs/self-host-soketi
 
 
lib
lib
 
 
public
public
 
 
types
types
 
 
.editorconfig
.editorconfig
 
 
.env.example
.env.example
 
 
.eslintignore
.eslintignore
 
 
.eslintrc.cjs
.eslintrc.cjs
 
 
.gitignore
.gitignore
 
 
.prettierignore
.prettierignore
 
 
.prettierrc
.prettierrc
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
components.json
components.json
 
 
env.js
env.js
 
 
next-env.d.ts
next-env.d.ts
 
 
next.config.mjs
next.config.mjs
 
 
package.json
package.json
 
 
pnpm-lock.yaml
pnpm-lock.yaml
 
 
postcss.config.cjs
postcss.config.cjs
 
 
reset.d.ts
reset.d.ts
 
 
tailwind.config.js
tailwind.config.js
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

subtle.sh

Discovered openpgp.js and soketi, and thought it would be fun to build an E2E encrypted app. Next time you're sending a secret over Slack, email, or any other plain text messaging, remember you have easy alternatives. Whether you choose subtle.sh or a pigeon is up to you, but here are some points to help you decide:

  • a pigeon is great but not zero-config.
  • subtle.sh is less likely to get intercepted.
  • Both support custom servers, but a pigeon offers a wider range of supported providers.
  • subtle.sh uses a more modern tech stack (Next.js, Soketi, React, Tailwind).
  • a pigeon is more established and has long-term support.

All jokes aside, this could be genuinely useful if you don’t share a password vault with someone and need to quickly send credentials. No installation or setup required—just generate a fresh session and share it. Once the tab is closed, all keys are discarded, and the secret disappears with them.

Host your own server

You can host your own server if you want to keep complete ownership of your sessions.

Development

To run the app locally, you need to have pnpm installed. Then, you can install the dependencies and start the development server with:

cp .env.example .env
pnpm install --frozen-lockfile
pnpm dev

Why not supporting disconnect events?

Having a refresh button is a good compromise. Otherwise there are two ways to go about this:

  1. Use pusher presence channels (less work)
  • needs authorization endpoint
  • needs ngrok to tunnel the requests to that endpoint on dev
  • the only reason for the endpoint to exist is to abide to the pusher protocol (no security enhancements)
  • if I am going to be doing that I might as well build a full dockerised dev env
  1. DIY websocket server with redis
  • too much effort for a simple feature

About

E2E encrypted ephemeral messaging app. Share secrets securely without setup. Built with Next.js, Soketi, and OpenPGP.js. Self-hostable.

subtle.sh

Topics

react pusher nextjs pgp web-application e2e soketi

Resources

Readme

License

MIT license
Activity

Stars

11 stars

Watchers

1 watching

Forks

0 forks
Report repository

Languages