This is a service that makes it easy to share ad-hoc sensitive data, securely. It is built in the Unix style, as a tool that does one thing well but is designed to play well with others.
"Can you just send me ...?" It must be one of the most common messages between tech coworkers on Slack, particularly under the time pressure of modern commercial development. We frequently share sensitive data to get daily work done.
Personally identifiable information (PII), passwords, API keys, tokens, etc., are rightly locked down by legal and compliance rules. But the more effort it takes to retrieve a secret, the more likely it will be shared locally to save time.
I’ve done this too, despite feeling uncomfortable. There just isn’t an easy way to share ad-hoc data securely. So desire lines form. Slack, Teams, Outlook.
Starting from an empty command prompt, it's incredibly difficult for Alice to share a secret with Bob in a secure and compliant way.
Working knowledge of openssl is rare these days. Setting up a secret in AWS SSM isn't quick, relies on IAM permissions, and needs subsequent removal. Like HashiCorp Vault, SSM is not designed for ad-hoc sharing.
Slack, Teams, Outlook, etc., are all a compliance no-no. But they sit at the appealing end of the friction scale in our go-fast dev culture, particularly when sharing with someone in a different company.
Also in the mix are browser password managers with retrofitted team-sharing features. Even overlooking their data breaches, the friction with these tools is still high.
The itch I had to scratch was clear. Make sharing ad-hoc data as secure and compliant as AWS SSM, but as easy as Slack.
There is much more to do, but I think doocot is coming from the right place. A simple yet secure method of sharing, requiring zero administration, which can be self-hosted on private networks with no need to phone home.
Doug, HEAD -> origin/doocot.sh, 02 Mar 2025