Question 1

How does Yopass encrypt files before upload?

Accepted Answer

Yopass uses client-side streaming encryption with OpenPGP in the browser, so files are encrypted locally before being sent to the server. This ensures the server only stores encrypted data, as described in the file upload support feature.

Question 2

Can Yopass be used to share secrets with multiple recipients?

Accepted Answer

Yes, but links are designed for one-time viewing by default; for multiple accesses, you must disable the one-time option, though this reduces security. The CLI and UI allow configuration for non-one-time sharing with expiration.

Question 3

How to set up Yopass with HTTPS using Let's Encrypt?

Accepted Answer

Use the provided Docker Compose setup in the 'deploy/with-nginx-proxy-and-letsencrypt' directory, replacing placeholder values for VIRTUAL_HOST and LETSENCRYPT_EMAIL. This automates TLS certificate renewal, as outlined in the getting started section.

Question 4

Yopass vs Bitwarden Send - which is better for self-hosting?

Accepted Answer

Yopass is simpler and focuses purely on ephemeral sharing with no accounts, while Bitwarden Send offers more features like password manager integration. Choose Yopass for minimal setup and client-side encryption; Bitwarden Send for broader secret management.

Question 5

What happens if a secret expires before being viewed?

Accepted Answer

Expired secrets are automatically deleted from the database or file store based on the cleanup interval. The server periodically removes old data, ensuring no residual storage, as mentioned in the configuration options.

Question 6

Is Yopass compliant with data privacy regulations like GDPR?

Accepted Answer

Since data is encrypted client-side and ephemeral, it reduces exposure, but compliance depends on deployment and logging. The README suggests configuring trusted proxies and privacy notices, but users must ensure their setup meets specific regulatory requirements.

Question 7

How to disable file uploads in Yopass for security?

Accepted Answer

Use the --disable-upload server flag to turn off file upload endpoints, restricting the service to text-only secrets. This is useful in read-only mode or to limit attack surfaces, as documented in the server configuration.

Yopass

What is Yopass?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions