Oshrin

Open-source, self-hosted secrets management for developers.

Stack: ts-rest | Express | React | PostgreSQL | Drizzle ORM | pnpm workspace

Quick Start

git clone https://github.com/idrsdev/oshrin.git
cd oshrin

cat > .env << EOF
JWT_SECRET=$(openssl rand -base64 32)
JWT_REFRESH_SECRET=$(openssl rand -base64 32)
ENCRYPTION_KEY=$(openssl rand -base64 32)
POSTGRES_PASSWORD=$(openssl rand -base64 16)
CORS_ORIGIN=http://localhost
VITE_API_URL=http://localhost:3000
VITE_AUTH_STRATEGY=HEADER_BASED
EOF

docker compose up -d

Open http://localhost

Development

pnpm setup                # install deps + copy .env files
pnpm dev:db               # start postgres
pnpm db:push              # create tables
pnpm dev                  # start all (shared + api + web)

Commands

pnpm dev                  # all services
pnpm dev:api              # API only
pnpm dev:web              # web only
pnpm build                # build all
pnpm type-check           # TypeScript validation
pnpm lint                 # lint API

# Database
pnpm db:push              # sync schema to local DB (dev only)
pnpm db:generate          # generate migration from schema changes
pnpm db:studio            # open Drizzle Studio

Structure

oshrin/
├── api/          # Express + ts-rest
├── shared/       # Shared types/contracts
├── web/          # React frontend
└── pnpm-workspace.yaml

Environment Variables

Required:

Variable             Description
JWT_SECRET           Access token signing key (32+ chars)
JWT_REFRESH_SECRET   Refresh token signing key (32+ chars)
ENCRYPTION_KEY       Master encryption key (back this up — loss = permanent data loss)
POSTGRES_PASSWORD    Database password

Optional:

Variable             Default                 Description
CORS_ORIGIN          http://localhost        Allowed CORS origin
AUTH_STRATEGY        COOKIE_BASED            HEADER_BASED or COOKIE_BASED
VITE_AUTH_STRATEGY   HEADER_BASED            Must match AUTH_STRATEGY
VITE_API_URL         http://localhost:3000   API URL for the frontend
APP_URL              http://localhost:8080   Used in email links

See api/.env.example for the full list including rate limits, timeouts, cookie settings, and resource limits.

Production

Critical:

  • Use HTTPS
  • Set CORS_ORIGIN to your domain
  • Match AUTH_STRATEGY and VITE_AUTH_STRATEGY
  • Use COOKIE_BASED auth with COOKIE_SECURE=true
  • Back up ENCRYPTION_KEY
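
A preflight check for the list above, as an added example that is not part of the Oshrin repository. The function names env_get and check_prod_env are hypothetical; unset optional variables fall back to the defaults in the "Optional" table, and an unset COOKIE_SECURE is treated as a finding (both are assumptions about how the deployment reads its environment).

```sh
#!/bin/sh
# Added example (not part of Oshrin): check a .env file against the README's
# production checklist. Assumes plain KEY=value lines, as the Quick Start writes.

# env_get FILE KEY [DEFAULT]: last value assigned to KEY in FILE, else DEFAULT.
env_get() (
  v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
  printf '%s' "${v:-${3-}}"
)

# check_prod_env FILE: prints one FAIL line per finding; returns 0 only if clean.
# The body runs in a subshell, so its variables and helper stay local.
check_prod_env() (
  f=$1 fails=0
  fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

  for k in JWT_SECRET JWT_REFRESH_SECRET; do      # "32+ chars" per the table
    v=$(env_get "$f" "$k")
    [ "${#v}" -ge 32 ] || fail "$k is shorter than 32 characters"
  done
  for k in ENCRYPTION_KEY POSTGRES_PASSWORD; do   # required, no length stated
    [ -n "$(env_get "$f" "$k")" ] || fail "$k is not set"
  done

  # Defaults below are the ones listed in the README's "Optional" table.
  origin=$(env_get "$f" CORS_ORIGIN http://localhost)
  case $origin in
    https://localhost*) fail "CORS_ORIGIN still points at localhost" ;;
    https://*) ;;
    *) fail "CORS_ORIGIN is not an https:// origin: $origin" ;;
  esac

  api=$(env_get "$f" AUTH_STRATEGY COOKIE_BASED)
  web=$(env_get "$f" VITE_AUTH_STRATEGY HEADER_BASED)
  [ "$api" = "$web" ] || fail "AUTH_STRATEGY=$api but VITE_AUTH_STRATEGY=$web"
  [ "$api" = COOKIE_BASED ] || fail "AUTH_STRATEGY should be COOKIE_BASED"
  # Assumption: an unset COOKIE_SECURE counts as a finding.
  [ "$(env_get "$f" COOKIE_SECURE)" = true ] || fail "COOKIE_SECURE is not true"

  [ "$fails" -eq 0 ]
)

# Usage: sh check-env.sh path/to/.env
if [ "$#" -gt 0 ]; then check_prod_env "$1"; fi
```

Run against a file shaped like the Quick Start .env, it reports three findings (CORS_ORIGIN, the strategy mismatch under the documented defaults, and COOKIE_SECURE), which is expected for a localhost setup.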

Docker Images

Image                       Description
idrsdev/oshrin:api-latest   API server
idrsdev/oshrin:web-latest   Web UI

# Build locally
docker build -t idrsdev/oshrin:api-latest -f api/Dockerfile .
docker build -t idrsdev/oshrin:web-latest -f web/Dockerfile .

Or use the GitHub Actions workflow (Actions → Build and Publish Docker Images → Run workflow).

API Documentation

Development only (disabled in production):

Docs

  • Architecture — system design, data model, auth, encryption
  • Database — Drizzle ORM workflow and migrations
  • Security — encryption details, limitations, vulnerability reporting
  • Privacy — data collection and storage
  • Terms — terms of service

License

MIT — Created by Malik Idrees (@idrsdev) • LinkedIn
