{
  "name": "Onetime Secret",
  "slug": "onetimesecret",
  "categories": [6],
  "date_created": "2026-05-26",
  "type": "ct",
  "updateable": true,
  "privileged": false,
  "has_arm": false,
  "interface_port": 80,
  "documentation": "https://docs.onetimesecret.com/en/self-hosting/installation/",
  "website": "https://onetimesecret.com/",
  "logo": "https://onetimesecret.com/favicon.svg",
  "description": "Onetime Secret is a self-hosted secret sharing app that creates self-destructing links for passwords, API keys, and other sensitive text.",
  "install_methods": [
    {
      "type": "default",
      "script": "ct/onetimesecret.sh",
      "config_path": "/opt/onetimesecret/.env",
      "resources": {
        "cpu": 2,
        "ram": 4096,
        "hdd": 10,
        "os": "Debian",
        "version": "13"
      }
    }
  ],
  "default_credentials": {
    "username": null,
    "password": null
  },
  "notes": [
    {
      "text": "Update HOST and set SSL=true in /opt/onetimesecret/.env when using a domain or TLS-terminating reverse proxy.",
      "type": "warning"
    },
    {
      "text": "Configure SMTP settings in /opt/onetimesecret/.env if you want email notifications or account verification features.",
      "type": "info"
    },
    {
      "text": "Back up /opt/onetimesecret/.env because it contains the root SECRET used to derive the app's other cryptographic keys.",
      "type": "warning"
    }
  ]
}