feat: rebrand Hemmelig to paste.es for cloudhost.es

- Set Spanish as default language with ephemeral/encrypted privacy focus - Translate all user-facing strings and legal pages to Spanish - Replace Norwegian flag with Spanish flag in footer - Remove Hemmelig/terces.cloud links, add cloudhost.es sponsorship - Rewrite PrivacyPage: zero data collection, ephemeral design emphasis - Rewrite TermsPage: Spanish law, RGPD, paste.es/CloudHost.es references - Update PWA manifest, HTML meta tags, package.json branding - Rename webhook headers to X-Paste-Event / X-Paste-Signature - Update API docs title and contact to paste.es / cloudhost.es Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-24 09:30:19 +01:00
commit bc9f96cbd4
268 changed files with 45773 additions and 0 deletions
--- a/cli/README.md
+++ b/cli/README.md
@@ -0,0 +1,146 @@
+# hemmelig
+
+CLI and library for creating encrypted, self-destructing secrets via [Hemmelig](https://hemmelig.app).
+
+```
+ _   _                               _ _
+| | | | ___ _ __ ___  _ __ ___   ___| (_) __ _
+| |_| |/ _ \ '_ ` _ \| '_ ` _ \ / _ \ | |/ _` |
+|  _  |  __/ | | | | | | | | | |  __/ | | (_| |
+|_| |_|\___|_| |_| |_|_| |_| |_|\___|_|_|\__, |
+                                         |___/
+```
+
+## Features
+
+- **Client-side AES-256-GCM encryption** - Your secrets are encrypted before leaving your machine
+- **Zero-knowledge** - The server never sees your plaintext secrets
+- **Self-destructing** - Secrets auto-delete after views or expiration
+- **Password protection** - Optional additional security layer
+- **Works with any Hemmelig instance** - Use hemmelig.app or self-hosted
+
+## Installation
+
+```bash
+npm install -g hemmelig
+```
+
+Or use with npx:
+
+```bash
+npx hemmelig "my secret"
+```
+
+## CLI Usage
+
+```bash
+# Create a simple secret
+hemmelig "my secret message"
+
+# With a title and custom expiration
+hemmelig "API key: sk-1234" -t "Production API Key" -e 7d
+
+# Password protected
+hemmelig "sensitive data" -p "mypassword"
+
+# Multiple views allowed
+hemmelig "shared config" -v 5
+
+# Pipe from stdin
+cat config.json | hemmelig -t "Config file"
+echo "my secret" | hemmelig
+
+# Use a self-hosted instance
+hemmelig "internal secret" -u https://secrets.company.com
+```
+
+### Options
+
+| Option                  | Description                                            |
+| ----------------------- | ------------------------------------------------------ |
+| `-t, --title <title>`   | Set a title for the secret                             |
+| `-p, --password <pass>` | Protect with a password                                |
+| `-e, --expires <time>`  | Expiration: 5m, 30m, 1h, 4h, 12h, 1d, 3d, 7d, 14d, 28d |
+| `-v, --views <number>`  | Max views (1-9999, default: 1)                         |
+| `-b, --burnable`        | Burn after first view (default)                        |
+| `--no-burnable`         | Don't burn until all views used                        |
+| `-u, --url <url>`       | Base URL (default: https://hemmelig.app)               |
+| `-h, --help`            | Show help                                              |
+| `--version`             | Show version                                           |
+
+## Library Usage
+
+```typescript
+import { createSecret } from 'hemmelig';
+
+const result = await createSecret({
+    secret: 'my secret message',
+    title: 'API Key',
+    expiresIn: '1h',
+    views: 1,
+    burnable: true,
+    baseUrl: 'https://hemmelig.app', // optional
+});
+
+console.log(result.url); // https://hemmelig.app/secret/abc123#decryptionKey=...
+console.log(result.id); // abc123
+```
+
+### API
+
+#### `createSecret(options: SecretOptions): Promise<CreateSecretResult>`
+
+Creates an encrypted secret on a Hemmelig server.
+
+**Options:**
+
+| Property    | Type            | Default                  | Description                   |
+| ----------- | --------------- | ------------------------ | ----------------------------- |
+| `secret`    | `string`        | required                 | The secret content to encrypt |
+| `title`     | `string`        | -                        | Optional title                |
+| `password`  | `string`        | -                        | Password protection           |
+| `expiresIn` | `ExpirationKey` | `'1d'`                   | Expiration time               |
+| `views`     | `number`        | `1`                      | Max views (1-9999)            |
+| `burnable`  | `boolean`       | `true`                   | Burn on first view            |
+| `baseUrl`   | `string`        | `'https://hemmelig.app'` | Server URL                    |
+
+**Returns:**
+
+| Property    | Type     | Description                   |
+| ----------- | -------- | ----------------------------- |
+| `url`       | `string` | Full URL to access the secret |
+| `id`        | `string` | The secret ID                 |
+| `expiresIn` | `string` | The expiration time set       |
+
+## CI/CD Integration
+
+### GitHub Actions
+
+```yaml
+- name: Share deployment credentials
+  run: |
+      SECRET_URL=$(npx hemmelig "${{ secrets.DEPLOY_KEY }}" \
+        -t "Deployment Key" \
+        -e 1h)
+      echo "Secret URL: $SECRET_URL"
+```
+
+### GitLab CI
+
+```yaml
+share-secret:
+    script:
+        - SECRET_URL=$(npx hemmelig "$DB_PASSWORD" -e 4h)
+        - echo "Secret URL: $SECRET_URL"
+```
+
+## Security
+
+- All encryption happens locally using AES-256-GCM
+- Keys are derived using PBKDF2 with 600,000 iterations
+- The decryption key is in the URL fragment (`#decryptionKey=...`), which is never sent to the server
+- The server only stores encrypted data
+
+## License
+
+MIT