Ad hoc, securely

Doocot lets you share ad-hoc sensitive data, securely. Stashing a value provides a unique link you can share, keeping your actual data secure.

 

Shun sensitive data in insecure places

Desire Lines

We all prefer straightforwardness. Copy-paste feels like the natural way to share small things. Because we all do it, let's try to do it securely.

Good security just works, without reciting five incantations while balancing on one leg. Overly onerous processes drive people to overly lax behaviours.

Sensitive Data

Sensitive data is not Schrödinger's cat. It very much lives on after you stop seeing it. In chat history, in Sent Items, in CI/CD logging, in backups.

Infrastructure today can be convoluted. The complexity of secrets managers and vault products is a barrier to securely sharing ad-hoc sensitive data.

Develop Good Culture

Company culture is a by-product of day-to-day behaviours. Without the right tools it's hard to do the right thing.

You can begin today, and do the small things better. Your co-workers don't need any setup to retrieve your data, just send them the stashed URL.

The nitty-gritty

Privacy First

Each piece of data has a unique decryption key, which we do not store. Only a key holder with the right key can access the right data.

Never Backed Up

Wild sales pitch, right? Your expired data will not persist here. One of the few times when not doing backups is the right thing.

Automation Friendly

The doocot CLI tool has flags -create and -json, making it easy to integrate with your CI/CD tasks.

FreeBSD

Security has higher confidence when things are simple. FreeBSD and its jails are pretty simple and easy to reason about. That's why we use it.

Go

The technology is implemented in Go. Its generous standard library allows us to avoid any third-party supply-chain exposure.

Human Friendly

Use -words to generate a passphrase you can communicate over a voice call. Also in French, Spanish, and German.

Terminal


$ doocot get -raw ask-digital-bunker-song | jq
{
  "meta": {
    "created": 1740666155,
    "expires": 1740667055,
    "once": false
  },
  "encryption": {
    "algorithm": "AES",
    "mode": "GCM"
  },
  "scrypt": {
    "salt": "U/9aXAOoexQ=",
    "n": 1048576,
    "r": 16,
    "p": 1,
    "key_length": 32
  },
  "encrypted_data": "c+FgcKxgb/u919SzAjfoBjixSzC7bYXynu+p/8INbL9C0Upjw81Wkt5yXOnjjxNSRKi4kLff0SydUWXc"
}

This is the raw data we store. You can decrypt it yourself, using standard-ish tools.
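An added example, not Doocot's own code: a Go audit of the raw record above that checks its advertised parameters against a local policy without needing the passphrase. The `Audit` function, its `maxTTL` and `minN` policy arguments and the `Report` type are assumptions of this example; the sample is the record shown on this page.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Record mirrors the JSON printed by `doocot get -raw` on this page.
type Record struct {
	Meta          struct{ Created, Expires int64 }
	Encryption    struct{ Algorithm, Mode string }
	Scrypt        struct{ Salt string; N, R uint64; KeyLength int `json:"key_length"` }
	EncryptedData string `json:"encrypted_data"`
}

type Report struct {
	TTL              int64    // seconds between created and expires
	ScryptMem        uint64   // 128*N*r bytes of memory needed to derive the key
	SaltLen, BlobLen int      // decoded sizes in bytes
	Problems         []string // policy violations found
}

// Audit checks a raw record against a local policy (maxTTL and minN are assumed knobs).
func Audit(raw []byte, maxTTL int64, minN uint64) (rep Report, err error) {
	var rec Record
	err = json.Unmarshal(raw, &rec)
	salt, e1 := base64.StdEncoding.DecodeString(rec.Scrypt.Salt)
	blob, e2 := base64.StdEncoding.DecodeString(rec.EncryptedData)
	if err != nil || e1 != nil || e2 != nil {
		return rep, fmt.Errorf("malformed record (json=%v salt=%v data=%v)", err, e1, e2)
	}
	rep = Report{TTL: rec.Meta.Expires - rec.Meta.Created, SaltLen: len(salt),
		BlobLen: len(blob), ScryptMem: 128 * rec.Scrypt.N * rec.Scrypt.R}
	check := func(ok bool, msg string) {
		if !ok {
			rep.Problems = append(rep.Problems, msg)
		}
	}
	check(rec.Encryption.Algorithm == "AES" && rec.Encryption.Mode == "GCM" &&
		rec.Scrypt.KeyLength == 32, "cipher is not AES-256-GCM")
	check(rec.Scrypt.N >= minN, "scrypt N below policy floor")
	check(rep.TTL > 0 && rep.TTL <= maxTTL, "expiry window outside policy")
	return rep, nil
}

const Sample = `{"meta":{"created":1740666155,"expires":1740667055,"once":false},
"encryption":{"algorithm":"AES","mode":"GCM"},"scrypt":{"salt":"U/9aXAOoexQ=","n":1048576,"r":16,"p":1,"key_length":32},
"encrypted_data":"c+FgcKxgb/u919SzAjfoBjixSzC7bYXynu+p/8INbL9C0Upjw81Wkt5yXOnjjxNSRKi4kLff0SydUWXc"}` // the record shown on this page

func main() { fmt.Println(Audit([]byte(Sample), 900, 1<<15)) }
```

For the record above, the report shows a 900-second expiry window and 2 GiB of scrypt working memory, which is worth knowing before deriving the key on a small CI runner.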


Compare

Individuals

(free)


  • Fair usage policy
  • Up to 100 bytes per secret
  • 15 minute expiry

SaaS

(£30/month)


  • Managed infrastructure
  • Isolated secure instance
  • Unlimited users @yourdomain
  • Up to 1 Mb per secret
  • Up to 60 minute expiry

Enterprise

(£50/month)


  • Subscription via Marketplaces
  • AWS, GCP, Azure, Kubernetes
  • Monthly billing
  • Unlimited users
  • Secured FreeBSD image
  • Up to 10 Mb per secret
  • Up to 24 hour expiry