github HemmeligOrg/Hemmelig.app v7.0.0
on GitHub

latest release: v7.0.1
3 hours ago

Hemmelig v7.0 Release Notes

Release Date: December 5, 2025

⚠️ Breaking Changes - Fresh Start Required

v7 is a complete rewrite and is NOT backwards compatible with v6. Migration of existing data is not possible due to fundamental changes in encryption and authentication.

Component v6 v7
Encryption TweetNaCl AES-256-GCM with PBKDF2
Password Hashing Previous algorithm Updated secure hashing
Database Schema Previous schema New schema structure
Framework Express + React Hono + React + Vite

See Upgrade Guide for migration steps.

Features

Enhanced Security

  • Client-side AES-256-GCM encryption with PBKDF2 key derivation (100,000 iterations)
  • Zero-knowledge architecture - server never sees plaintext secrets or encryption keys
  • Two-Factor Authentication (2FA) with TOTP support and backup codes
  • API Key authentication for programmatic access (max 5 keys per user)

Webhook Notifications

  • Real-time HTTP POST webhooks for secret events
  • Events: secret.viewed, secret.burned, apikey.created
  • HMAC-SHA256 payload signing for security verification
  • Configurable per-event triggers

Organization Features

  • Invite-only registration with invite code management
  • Email domain restrictions - limit registration to specific domains
  • Require registered users - only authenticated users can create secrets

Privacy-Focused Analytics

  • Anonymous visitor tracking with HMAC-hashed IDs
  • Daily visitor statistics dashboard
  • Bot traffic filtering
  • No personal data stored

Social Login Providers

Support for 7 OAuth providers:

  • GitHub, Google, Microsoft (Azure AD)
  • Discord, GitLab, Apple, Twitter/X

Multi-Language Support

  • English, German, Spanish, French, Italian, Chinese
  • Full i18n coverage for all UI elements

Modern UI/UX

  • Complete redesign with Tailwind CSS
  • Light and dark mode support
  • Rich text editor with TipTap
  • QR code generation for easy sharing
  • Mobile-responsive design

Instance Settings

  • Important Message Alert - Display announcements to all users
  • Configurable default secret expiration
  • Max secret size limits
  • Rate limiting controls
  • Password protection and IP restriction toggles

Technical Improvements

Stack Modernization

  • Backend: Hono with RPC mode for type-safe API
  • Frontend: React 18 + Vite + TypeScript
  • Database: SQLite with Prisma ORM
  • Auth: better-auth for session management
  • State: Zustand for lightweight state management

API Enhancements

  • OpenAPI 3.0 specification with Swagger UI at /api/docs
  • Type-safe API client generation
  • Comprehensive REST endpoints for secrets, users, and admin functions

Developer Experience

  • API keys for programmatic access
  • Interactive API documentation
  • Helm chart for Kubernetes deployment

Deployment

Docker (Recommended)

docker run -d \
  --name hemmelig \
  -p 3000:3000 \
  -v hemmelig-data:/app/database \
  -v hemmelig-uploads:/app/uploads \
  -e DATABASE_URL="file:/app/database/hemmelig.db" \
  -e BETTER_AUTH_SECRET="$(openssl rand -base64 32)" \
  hemmeligapp/hemmelig:v7

Required Environment Variables

Variable Description
DATABASE_URL SQLite connection string
BETTER_AUTH_SECRET Secret key for authentication (min 32 chars)

See Environment Variables for full configuration reference.

Documentation

  • Docker Deployment
  • Helm Chart
  • Environment Variables
  • Social Login Setup
  • Webhooks
  • API Documentation
  • Upgrade from v6

Thank You

Thank you to all contributors and users who have supported Hemmelig. Your feedback and contributions make this project possible!

Check out latest releases or
releases around HemmeligOrg/Hemmelig.app v7.0.0

Don't miss a new Hemmelig.app release

NewReleases is sending notifications on new releases.

Get notifications