feature request: decrypt only / restrict who can encrypt? #1635

Open
cloud-aware opened this issue Mar 17, 2023 · 2 comments

@cloud-aware

I successfully deployed yopass to S3/Lambda - but was wondering - is there an easy method of restricting who can encrypt new secrets while allowing anyone to decrypt?

@semaja2

semaja2 commented Sep 28, 2023

+1 on this, to expand on a use case, this would prevent the tool being abused as a phishing vector

E.g. a malicious actor encrypts a message with a malware download link etc., then uses the encrypted message hosted on the company's portal to look legit

@cloud-aware
Author

cloud-aware commented Sep 28, 2023

fwiw we made some modifications to the code to make a unique URI/location for the encrypt (CreateSecret and Upload) as a workaround solution for now. Probably not fully obfuscated, but makes it more difficult (these are example GUIDs and not the ones I actually used):

in website/src/Routing.tsx:

```tsx
import { Route, Routes } from 'react-router-dom';

import CreateSecret from './createSecret/CreateSecret';
import DisplaySecret from './displaySecret/DisplaySecret';
import Upload from './createSecret/Upload';

export const Routing = () => {
  return (
    <Routes>
      <Route path="/cbf916be-a754-454a-bbe3-a6e0d0734d15" element={<CreateSecret />} />
      <Route path="/c64f368b-2fc2-4517-ac25-3e12a85073aa/upload" element={<Upload />} />
      <Route path="/:format/:key/:password" element={<DisplaySecret />} />
      <Route path="/:format/:key" element={<DisplaySecret />} />
    </Routes>
  );
};
```
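
Client-side routes only decide which page the browser renders, so a "decrypt only" restriction has to be enforced by the server that stores the secrets. The following is an added example, not yopass code and not code from this thread: Go middleware that passes read requests through and requires a bearer token on every other method. The function names, the `/secret` paths, the token value and the stand-in backend handler are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// requireTokenForWrites lets read requests (fetching a secret) through to next
// and demands a bearer token on every other method (creating a secret).
func requireTokenForWrites(token string, next http.Handler) http.Handler {
	want := sha256.Sum256([]byte(token))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodGet || r.Method == http.MethodHead {
			next.ServeHTTP(w, r)
			return
		}
		auth := r.Header.Get("Authorization")
		got := sha256.Sum256([]byte(strings.TrimPrefix(auth, "Bearer ")))
		// Fail closed: an unset token must never match an empty credential.
		ok := token != "" && strings.HasPrefix(auth, "Bearer ") &&
			subtle.ConstantTimeCompare(got[:], want[:]) == 1
		if !ok {
			http.Error(w, "creating secrets requires authorization", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed request through the wrapped stand-in backend.
func statusFor(token, method, path, authHeader string) int {
	backend := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK) // stand-in for the real API handler
	})
	req := httptest.NewRequest(method, path, nil)
	req.Header.Set("Authorization", authHeader)
	rec := httptest.NewRecorder()
	requireTokenForWrites(token, backend).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor("example-token", "GET", "/secret/abc", ""))                  // 200
	fmt.Println(statusFor("example-token", "POST", "/secret", ""))                     // 401
	fmt.Println(statusFor("example-token", "POST", "/secret", "Bearer example-token")) // 200
}
```
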
