Skip to content

The Origin Story

As with every engineers' story, I had a problem, a technical itch to scratch and an ambition.

The 'Problem Statement'

Throughout my career — and especially as a Security Professional - I've constantly found myself needing to send sensitive data to colleagues or third parties quickly and easily, without ever compromising security.

We’ve all seen it: passwords, config files, access tokens… copy-and-pasted straight into Teams, Slack, or Outlook. Most people don’t realise that with APIs like Microsoft Graph, simply signing into the wrong third-party app can expose all the data you have access to.

As a Security Professional, that terrified me.

I looked around. There are plenty of tools trying to solve this: Keybase, GnuPG, magic-wormhole, and even commercial services like WeTransfer to an extent.

But none of them worked for what I needed. I needed something I could trust, something asynchronous, and something I could use effortlessly from any command line.

The problem with these tools are they often require;

  • No command-line support
  • Accounts to be set up
  • Recipients required to already be a member
  • Key exchanges happen manually
  • A lack of chain of trust
  • Typically either Web or Graphical User interface-based apps
  • Advanced technical command-line knowledge needing high level of knowledge
  • Man-in-the-middle attacks possible

The Idea

Abstract the complexities and Be able to send any secret or file of any type or size to any recipient straight from the command-line that enforced strict and transparent encryption.

The Challenges & Requirements

I wanted the tool to be something:

  • Cross-platform, Cross-Architecture — build once, run anywhere
  • Easy to distribute — easily installable via package managers and keep it updated
  • Self-contained — Keep it simple with minimal dependencies, zero ceremony
  • CLI-first — because that's where I and my peers spend most of our time
  • Familiar Feel - Should be as easy to use as the something like curl, wget, yq or more sophisticated tools like Docker command-line tool

This wasn't about reinventing cryptography. It was about building a tool that made secure file transfer obvious, transparent, and practical.

The Solution

So I set out to build a modern command-line tool with:

  • Familiar, ergonomic UX inspired by today's best command-line tools i.e. kubectl, docker-cli, helm etc.
  • Strict, enforced but seamless encryption
  • A trust model based on something everyone already has

Which leads to the key question:

Why Base It on an Email Address?

An email address is:

  • Globally Unique
  • Domain-Anchored, giving implicit organisational context
  • Owned by a single person
  • Federated across identity providers that can leverage MFA, SSO, and enterprise identity controls

Email provides a lightweight but meaningful layer of trust — without requiring a central account system or complicated onboarding.

It's universal.
It's simple.
It works everywhere.

Get Started Now

Head over to the Quick Start guide to start sending secrets and let me know how it goes.