nowo-tech / yopass-bundle
Symfony bundle for Yopass-style E2E encrypted secret sharing with configurable routes, table prefix, and access control
Package info
github.com/nowo-tech/YopassBundle
Type:symfony-bundle
pkg:composer/nowo-tech/yopass-bundle
Fund package maintenance!
Requires
- php: >=8.2 <8.6
- ext-sodium: *
- doctrine/doctrine-bundle: ^2.10 || ^3.0
- doctrine/orm: ^2.15 || ^3.0
- symfony/config: ^7.4 || ^8.0
- symfony/dependency-injection: ^7.4 || ^8.0
- symfony/form: ^7.4 || ^8.0
- symfony/framework-bundle: ^7.4 || ^8.0
- symfony/http-kernel: ^7.4 || ^8.0
- symfony/routing: ^7.4 || ^8.0
- symfony/security-bundle: ^7.4 || ^8.0
- symfony/translation: ^7.4 || ^8.0
- symfony/twig-bundle: ^7.4 || ^8.0
- symfony/validator: ^7.4 || ^8.0
- symfony/yaml: ^7.4 || ^8.0
Requires (Dev)
- doctrine/mongodb-odm: ^2.6
- doctrine/mongodb-odm-bundle: ^5.0
- friendsofphp/php-cs-fixer: ^3.0
- phpstan/extension-installer: ^1.0
- phpstan/phpstan: ^2.0
- phpstan/phpstan-phpunit: ^2.0
- phpstan/phpstan-symfony: ^2.0
- phpunit/phpunit: ^10.0
- rector/rector: ^2.0
- symfony/browser-kit: ^7.4 || ^8.0
- symfony/dom-crawler: ^7.4 || ^8.0
Suggests
- doctrine/mongodb-odm-bundle: Required when nowo_yopass.database.platform is mongodb or database.driver is doctrine_mongodb.
This package is auto-updated.
Last update: 2026-07-04 08:35:27 UTC
README
⭐ Found this useful? Give it a star on GitHub so more developers can find it.
Symfony bundle for Yopass-style E2E encrypted secret sharing: client-side libsodium encryption, expiration, read limits, and public reveal pages.
FrankenPHP worker mode: Supported — stateless controllers and services; tested with the Symfony 8 demo using FrankenPHP (see Demo with FrankenPHP).
Features
- Browser-side encryption (
libsodiumsecretbox); server stores ciphertext only - Text and file payloads (max 512 KB files; file tab requires
file_handlerservice) - Configurable expiration options, max-read limits, list pagination, and retention purge
- Auto-generated decryption key or custom password mode
- One-click links via
?decrypt_key=query parameter; short links with manual key entry - Authenticated manage UI + anonymous public reveal/consume routes
- Configurable routes, table prefix, templates, and pluggable access control
- Share events — customize list queries and per-share access (teams, grants, roles) without built-in ACL
Installation
composer require nowo-tech/yopass-bundle
See Installation for Flex recipe, Doctrine schema, routes, and security firewall setup.
Configuration
# config/packages/nowo_yopass.yaml nowo_yopass: user_class: App\Entity\User table_prefix: yopass_ security: access_checker: App\Security\CustomYopassAccessChecker # optional
Full reference: Configuration.
Usage
- Manage UI:
/tools/yopass(configurable) - Public reveal:
/share/{id}or/share/{id}?decrypt_key=…(configurable) - Override Twig:
templates/bundles/NowoYopassBundle/
See Usage and Access control events.
Demo
make -C demo up-symfony8
# Demo started at: http://localhost:8022 → Yopass CRUD at /tools/yopass (auto-login)
Documentation
- Installation
- Configuration
- Usage
- Contributing
- Changelog
- Upgrading
- Release process
- Security
- Engram
- Spec-driven development
Additional documentation
- Share list and access events
- Demo with FrankenPHP
- Local file storage (demo default)
- AWS S3 file shares example (local, gitignored)
Tests and Coverage
make test # PHPUnit make test-coverage # PHP coverage + percentage script make test-ts # Vitest (crypto) make release-check # Full pre-release chain
| Language | Coverage |
|---|---|
| PHP | 100% (Lines) — make test-coverage-100 |
| TypeScript | 74.21% (Lines) — make test-ts (password-mode paths require browser sodium runtime) |
License
MIT — see LICENSE.