Download the PHP package madebyraygun/pssst without Composer

On this page you can find all versions of the php package madebyraygun/pssst. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package pssst

PSSST!

A lightweight PHP-based application to securely submit and retrieve information such as passwords via the web. No database required. Keep your secrets out of email and Slack!

With the TOTP authentication and administrator email features enabled, this app functions as a single-user secret request form. (Meaning, only the administrator can get notified and retrieve secrets). By turning these features off, anyone can use the system to generate a secret, copy the generated link, and send via any secure channel.

Note This application is still in development, and, given the presumably sensitive nature of the message contents, should be used with caution.

Installation

Upload the source files to a web server running PHP 8.2 or later, or use a local web server such as DDEV (configuration included) to test the application. If you're using a web server other than DDEV, make sure you set the public folder as the html root.

From the terminal:

composer install

cp .env.example .env

Edit the .env file to update the app settings. Include your Cloudflare Turnstile site key and Mailgun credentials (recommended but optional).

Optional

If you want to use a time-based OTP to protect your secrets, set TOTP_ACTIVE to "true" and generate an OPT key with the following terminal command:

echo "TOTP_SECRET=\"$(LC_ALL=C tr -dc 'A-Z2-7' </dev/urandom | head -c 32)\"" >> .env

Other configuration options

Choose a color theme by setting the APP_THEME setting. See https://picocss.com/docs/version-picker for available themes.

Upload a logo.png file to the public\assets\ directory to set a custom logo. Use the filenames logo-light.png and logo-dark.png to set different logos for light and dark mode.

Disable the Github repo link by setting SHOW_GITHUB_LINK to false.

Usage

On first run, if you're using TOPT, generate your authenticator secret at /generate-totp. This is a unique secret that is based on your admin email address and the TOTP_SECRET value in your .env file. You will use the dynamically generated 6 digit code to retrieve and delete secrets. Save this URL to your authenticator program.

Extremly important note

The generate-totp endpoint is only available when the app is in "dev" mode. It is extremely important that you only run the publicly accessible site in "production" mode. Running a publicly accessible site in "dev" mode can expose your TOTP authentication credentials. If you make this mistake, be sure to regenerate your TOTP_SECRET key and update your authenticator.

Create a new secret using the form at the main URL of your application. The secret contents will be saved as a JSON file in the data folder, and the contents of the message will be encrypted wi a "key" that is included in the retrieve URL. The server administrator cannot view the contents of the secret without that key.

A URL will be generated to retrieve the secret. If you've set up Mailgun, the URL will be emailed to the administrator. Otherwise, the URL will be displayed on the /created/ page after the secret has been successfully saved.

The retrieve endpoint is protected by the TOTP authentication you set up earlier. Enter your code to view and delete your secrets.

Roadmap

All versions of pssst with dependencies

PHP Build Version
Package Version
Requires php Version >=8.2.0
vlucas/phpdotenv Version ^5.6
mailgun/mailgun-php Version ^4.3
symfony/http-client Version ^7.1
nyholm/psr7 Version ^1.8
jiripudil/otp Version ^1.0
bramus/router Version ^1.6
twig/twig Version ^3.0
picocss/pico Version ^2.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package madebyraygun/pssst contains the following files

Loading the files please wait ....