@startuml
actor User
participant Browser
participant API
participant S3
participant SQS
participant Browser2
actor Receiver
User-> Browser: Secret
Browser-> Browser: SecretId
note right: 16 chars\nrandomly generated
Browser-> Browser: Password
note right: 16 chars\nrandomly generated
Browser-> Browser: EncryptedSecret
note right: Secret is encrypted \nusing AES 256\nwith key Password\nthen encoded to Base64
Browser-> API: store(SecretId, EncryptedSecret, ExpiryTime)
API->S3:Put object of name \nSecretId, value \nEncryptedSecret
activate S3
API->SQS: create queue of \nname SecretId.fifo
activate SQS
API->SQS: send message with\nExpiryTime to queue
API->Browser: url (Password + SecretId)
Browser->User: url
User->Receiver: url
Receiver -> Browser2: decrypt url
Browser2 -> API: decrypt (SecretId, EncryptedSecret)
API->SQS: read ExpiryTime from queue SecretId.fifo
SQS->API: ExpiryTime
API->SQS: delete queue SecretId.fifo
deactivate SQS
API->S3: get EncryptedSecret\nfrom S3 bucket with\nobject name SecretId
note right: only if now is before ExpiryTime
S3->API: EncryptedSecret
API->S3:delete object with name SecretId
deactivate S3
API->Browser2: EncryptedSecret
Browser2->Browser2:decrypt
note right:EncryptedSecret is\nBase64 decoded\nand decrypted\nusing SecretId
Browser2->Receiver: Secret
@enduml