OneScan – Secure QR-based One-Time Access Token Sharing

OneScan is a CLI tool that generates a unique, encrypted, one-time-use QR code to securely deliver an API key or secret token.
The receiver scans the QR code, retrieves the value once, and the server automatically invalidates the token.

Perfect for secure device pairing, API key sharing, DevOps credential handoff, secure passwordless login flows, and internal secure team operations.

✨ Features

• 🔐 AES-256-CBC encrypted delivery
• 🧠 One-time access (auto invalidation)
• 📱 QR code generation (qr_key.png)
• 🌍 Cloud backend for secure retrieval
• 🛑 Auto expiration after first read
• 📦 Zero persistence (in-memory only)
• 🦾 Offline-friendly workflow

📦 Installation

Global Install

npm install -g onescan

Run without installing

npx onescan "<API_KEY>"

🚀 Usage

onescan "MY-SECRET-API-KEY-123456"

Example CLI Output

🔐 Sending token securely to OneScan server...

🔗 Scan URL: https://onescan-kior.onrender.com/key/bd92f82e71c3a01c

📱 QR Code saved as: qr_key.png 📤 Scan this QR using your phone camera or any scanner.

🔑 What the Receiver Sees

🔑 Retrieved key: MY-SECRET-API-KEY-123456

If someone tries again: ❌ Key expired or already used.

🧠 How It Works

Client CLI → POST /generate on cloud server Server encrypts token → stores encrypted blob temporarily Server returns: { url, qr-code-base64 } CLI saves QR image Scan triggers GET /key/:id → decrypt → return token → destroy