Agrippa

About

Agrippa is a PHP-based secret sharing mechanism. Named after the work of William Gibson, Agrippa operates on the principle that sharing a temporary link to sensitive information is better than having the sensitive information itself persist in email, chat, or any other insecure communications channel.

How It Works

Enter the secret to share, an expiration date/time, and a view limit.
Receive a unique link to the secret, which can be shared with the intended recipient.
Once the link expires or the view limit is surpassed, the secret is destroyed.

Requirements

In short, Agrippa has the same requirements as Laravel 5.1:

Apache or Nginx
PHP >= 5.5.9
Composer
OpenSSL PHP Extension
PDO PHP Extension
Mbstring PHP Extension
Tokenizer PHP Extension

Installation

Run composer create-project unicalabs/agrippa myagrippa to create your instance of Agrippa.
Enter the newly-created project: cd myagrippa
Change APP_SALT in .env to a randomly-generated value.
Create the database: touch storage/database.sqlite Alternatively, adjust .env to use your MySQL, PostgreSQL, or SQL server connection.
Set up the database: php artisan migrate
Configure Apache or Nginx to serve the public folder. Use the Laravel configuration documentation for guidance.

Always serve your Agrippa installation over HTTPS, and patch your systems to keep pace with newly-documented CVEs. Agrippa stores data at-rest securely, but that's worth nothing if your data in-transit is exposed.

Development

Documentation for the framework (Laravel 5.1) can be found on the Laravel website. To get a development environment up and running, see the Laravel Homestead documentation. You can reference the following example Homestead configuration, if it helps:

---
ip: "192.168.10.10"
memory: 2048
cpus: 2
provider: virtualbox

authorize: ~/.ssh/id_rsa.pub

keys:
    - ~/.ssh/id_rsa

folders:
    - map: ~/Documents/workspace/agrippa
      to: /home/vagrant/agrippa

sites:
    - map: agrippa.local
      to: /home/vagrant/agrippa/public

variables:
    - key: APP_ENV
      value: local

History

The idea of sharing secrets through URLs with time and view limits originally came from pglombardo's PasswordPusher, written with Ruby on Rails in 2011. In 2012, the project was shared on Reddit and subsequently open-sourced, leading to PHPasswordPusher, a PHP port of the original. Agrippa is itself a rewrite that sports the flexibility of the Laravel framework, while PHPasswordPusher provides the basic functionality for those constrained to older PHP versions (5.3+). As of August 2015, all projects continue to be actively maintained.

Agrippa is maintained by Unica Labs, LLC.

Published with GitHub Pages