Product & Engineering Blog

Onetime Secret v0.23 spans four releases (v0.23.0 through v0.23.3), covering configuration migration infrastructure, anonymous API access, a new community translation, and several bug fixes.

We support 12+ languages. I can only read 1. Here's how we do it without a dedicated localization team.

Version v0.22.4 introduces new configuration options for customizing security policies and access control.

Note: I leaned heavily on Google Gemini for this investigation, blog post, and the necessary blog post illustration.

On a whim while working with Claude on reorganizing our tests, I thought I'd ask how it really feels.

Following our domain architecture update, this guide provides concrete methods to verify authentic Onetime Secret services and identify impostor sites.

A recent phishing attempt exposed users to an impostor site that mirrored our interface but actually exposed secrets. While Cloudflare helped shut down this particular site, the incident highlighted a broader concern: user can struggle to distinguish legitimate from fraudulent services (see Which one of these is the real onetimesecret?).

OnetimeSecret.com has been around for quite a while – long enough to attract several impostor sites ranging from confusingly similar to downright malicious. Thanks to our alert users and partners (like in this recent GitHub issue), we can spot and address these problems.

Our data center network has expanded with an Aotearoa New Zealand location. The Aotearoa New Zealand region (nz.onetimesecret.com) maintains our share-nothing architecture - ensuring data created in Aotearoa New Zealand stays in Aotearoa New Zealand.

We've expanded our data center options with a new Canadian location. The Canada region (ca.onetimesecret.com) follows our share-nothing architecture - ensuring data created in Canada stays in Canada.

Today we're announcing Onetime Secret v0.20.0, a release focused on renewed language support and enhanced type safety and error handling.

Today we're announcing Onetime Secret v0.19.0, a release focused on enhanced type safety, robust error handling, and custom branding capabilities.

Our privacy-by-design approach means no need for cookie banners. We don't need to ask permission for something we don't do in the first place.

At Onetime Secret, we believe privacy and simplicity go hand in hand. While many services collect extensive user data, we've chosen a different path focused on what matters most: secure, reliable secret sharing. You can learn more about our guiding principles in our documentation.

We're jazzed to introduce our new US locality, enhancing our data privacy options and expanding user choice. The US instance is now available at us.onetimesecret.com, complementing our existing EU site at eu.onetimesecret.com.

Discover why Onetime Secret uses imperfect AI-generated images in our blog posts and how it aligns with our values of transparency and security.

Welcome to our comprehensive series on setting up and installing Onetime Secret. In this first installment, we'll walk you through the process of installing Onetime Secret as a standalone web application using the latest methods and best practices. Whether you're a seasoned sysadmin or just getting started with self-hosting, this guide will help you get Onetime Secret up and running smoothly.

Onetime Secret v0.18.0 brings significant improvements to our secure, one-time sharing platform. This release focuses on enhancing performance, security, and user experience.