| Documentation | API Docs | Building | Running

A secure, open-source password sharing platform built with microservices architecture. Share passwords and sensitive text securely without compromising security - no phone calls or complicated GPG setup required.

🔒 Secure by design: Messages are encrypted and automatically expire
🌐 Multiple interfaces: Web UI, REST API, and Slack integration
⚡ Modern architecture: Go microservices with hexagonal architecture
📱 Developer-friendly: Complete REST API with Swagger documentation

Visit our wiki for detailed information

You fill out the form with the necessary information including both of your names and emails (optional). We use email to send the link to the content, but there is an option to disable emails. For your name(s), this is used to personalize and let the recipient know who sent them the link. There is no verification on names so you can use whatever to remain anonymous.

NOTE: All messages expire after 7 days. This means you won't be able to view your message after 7 days and will have to resend it.

The platform provides a complete REST API for programmatic access:

📖 Interactive Documentation: https://password.exchange/api/v1/docs

Quick API Examples:

# Submit a message
curl -X POST https://password.exchange/api/v1/messages \
  -H "Content-Type: application/json" \
  -d '{"content": "my secret", "maxViewCount": 3}'

# Check message status
curl "https://password.exchange/api/v1/messages/{id}?key={key}"

# Decrypt message
curl -X POST https://password.exchange/api/v1/messages/{id}/decrypt \
  -H "Content-Type: application/json" \
  -d '{"decryptionKey": "{key}"}'

To install our Slackbot go to https://api.password.exchange/slack/install. If you have set up your own version of this app, you can go to https://yoursite.com/slack/install.

Once installed to your organization, you can use the /encrypt command which will send the text to the bot and the bot will send a link to access the unencrypted text.

NOTE: Slackbot relies on the database and encryption services and deployments. You can remove the website deployment/service from the yaml if you only intend to deploy the slackbot.

Password Exchange uses a microservices architecture with hexagonal (ports and adapters) pattern:

• Web Service: Gin-based HTTP server serving frontend and REST API
• Database Service: gRPC service for all database operations
• Encryption Service: gRPC service handling encryption/decryption
• Email Service: RabbitMQ consumer for sending notification emails (fully hexagonal)
• Slackbot: Python Flask app with Slack integration

• Go 1.23+: Main application with Cobra CLI, Gin web framework, gRPC services
• Python: Slackbot using Flask, Slack Bolt, SQLAlchemy
• Protocol Buffers: Service definitions generate Go and Python clients
• RabbitMQ: Message queue for email notifications
• MySQL/MariaDB: Primary database for encrypted content and OAuth tokens
• Kubernetes: Container orchestration

1. Web service receives password submission → calls encryption service via gRPC
2. Encryption service generates unique ID and key → stores in database service
3. Email service sends notifications via RabbitMQ (if enabled)
4. Recipient accesses unique URL with decryption key
5. Slackbot provides same functionality within Slack workspaces

The codebase follows hexagonal architecture principles:

• Domain Layer: Pure business logic with no external dependencies
• Ports: Define interfaces for inbound/outbound interactions
• Adapters: Implement infrastructure concerns (databases, messaging, APIs)
• Clean separation: Business logic isolated from technical implementation details

The current tools are available:

1. Slack Bot
2. Password-Store Extension - https://github.com/Anthony-Bible/password-store-extension

If you have a tool or extension that interacts with Password Exchange please make a PR and we'll add it

• Secure message sharing: Server-side encrypted password and text sharing
• Automatic expiration: Messages expire after 7 days by default
• Configurable view limits: Set maximum number of times a message can be viewed
• Multiple interfaces: Web UI, REST API, and Slack bot
• Email notifications: Optional email alerts when messages are sent
• Passphrase protection: Additional security layer with optional passphrases
• Password generator: Generate strong, secure passwords and passphrases directly in the web UI.
• Rate limiting: Built-in protection against abuse
• Prometheus metrics: Monitoring and observability support
• Swagger documentation: Complete API documentation at /api/v1/docs
• Email reminders: Automated reminders for unviewed messages with configurable timing

The web interface includes a comprehensive, client-side password generator to help users create strong, secure passwords and passphrases.

• Generation Methods: Supports both randomly generated passwords and memorable passphrases based on the EFF Large Wordlist.
• Secure Randomness: Utilizes the browser's crypto.getRandomValues API for cryptographically secure random number generation.
• Strength Analysis: Integrates the zxcvbn library to provide real-time password strength analysis, including crack time estimations and actionable feedback.
• Customization:
  • Random Passwords: Configure length, and inclusion of uppercase, lowercase, numbers, and symbols. Also provides an option to exclude ambiguous characters (e.g., O, 0, l, 1).
  • Passphrases: Configure the number of words and the separator character.
• User Experience:
  • Real-time generation and strength analysis as options are changed.
  • Ability to generate multiple password options for users to choose from.
  • Easy copy-to-clipboard and insertion into the message field.

1. Send message to both users
2. ✅ Email reminders: Automated reminders for unviewed messages (configurable intervals)
3. Email/page visit notifications
4. Configurable expiration times
5. User-generated passwords
6. Client-side encryption: End-to-end encryption option (would limit bot integrations)

• Bitwarden integration
• Google Drive file sharing
• Salesforce integration
• LastPass integration
• PGP email integration

• Go 1.23+: Main application language
• Python 3.8+: For slackbot and protobuf generation
• Docker: For containerized builds
• protoc: Protocol buffer compiler
• grpcio-tools: Python protobuf tools (pip install grpcio-tools)

# Complete build verification (recommended)
./test-build.sh

This script will:

• Generate protobuf files for Go and Python
• Build the Go application
• Generate Swagger documentation
• Build Docker images for main app and slackbot
• Generate Kubernetes manifests with proper variable substitution

# Build Go application only
cd app && go mod tidy && go build -o app

# Generate protobuf files
protoc --proto_path=protos \
       --go_out=./app --go_opt=module=github.com/Anthony-Bible/password-exchange/app \
       --go-grpc_out=./app --go-grpc_opt=module=github.com/Anthony-Bible/password-exchange/app \
       protos/*.proto

# Generate Swagger docs
cd app && swag init -g internal/domains/message/adapters/primary/api/docs.go -o docs --parseDependency

# Build Docker images
docker build -t passwordexchange .
docker build -t slackbot -f slackbot/Dockerfile .

# Web service with frontend and REST API
./app web --config=config.yaml

# Database service (gRPC)
./app database --config=config.yaml

# Encryption service (gRPC)  
./app encryption --config=config.yaml

# Email service (RabbitMQ consumer)
./app email --config=config.yaml

# Send email reminders for unviewed messages
./app reminder --config=config.yaml --older-than-hours=24 --max-reminders=3

Currently we only support Kubernetes. If you don't have a Kubernetes cluster, you have two options:

• Docker Desktop: Enable local Kubernetes
• Minikube: Set up Kubernetes locally

1. Database Setup

   • Download the MySQL file from the root of the project
   • Update password in create user statements
   • Import the MySQL schema: mysql -u user -p < passwordexchange.sql

2. Configuration

   • Edit kubernetes/secrets.yaml with your information
   • View available options

3. Deploy

   • Download the latest manifest from releases
   • Apply to cluster: kubectl apply -f password-exchange.yaml
   • Or use the generated combined.yaml from ./test-build.sh