Introducing Whisper

Introducing Whisper

Edwin Schmierer | Friday, Oct 1, 2021 |  Security

Imagine you have a new engineer joining your team and you need to provide passwords for access to critical systems. Or you need to send a sensitive file to a client. Or you need to share encryption keys with a team member. What do you do?

You might text a password or key (hopefully using Signal since it uses end-to-end encryption), but that won’t work for lengthy keys, files, or large docs. You might write it on a piece of paper or place it on a thumb drive, but both are limited by proximity, which frankly doesn’t work too well when remote work has become the norm. Or you might email it but that exposes several security risks. What if the recipient forwards it or is hacked or never deletes the message so it remains indefinitely in their inbox? How secure is email, really? If you’re using a popular free email service, the Terms of Service may give the provider limited permissions to access your data.

Whisper: A Secret-Sharing Utility

We encounter these issues at Rotational everyday, so we created a secret-sharing utility called Whisper. As a remote and global-first team by design, Whisper demonstrates our desire at Rotational Labs to build collaboration tools with security-first principles in mind. Users can securely share and control access to confidential information such as passwords, documents, config files, keys, and certificates across an organization. Senders can limit access attempts, set an expiration time (e.g. 5 minutes to 7 days), and/ or require a password to access the secret while recipients can destroy secrets once accessed.

Whisper leverages Google Secret Manager to provide a convenient interface for the kinds of secure information transfer use cases we routinely encounter. These use cases include onboarding new employees, sharing data with clients and vendors, and securing internal communications on engineering teams.

We’ve open-sourced Whisper, meaning you can check it out to ensure it satisfies your organization’s protocols, or even create your own implementation. Alternatively, Rotational offers low-cost hosting solutions.

Stay tuned for an upcoming post about the technical details under the hood. For now, please try Whisper and send feedback to info@rotational.io.

Photo by Kent Pilcher on Unsplash

About This Post

Shhh..there's a better way to share secrets. Introducing Whisper, our secret-sharing utility.

Written by:

Edwin Schmierer

Share this post:

Recent Rotations butterfly

View all

PubSub 101 - Creating Data Flows With Topics

If you struggle to build analytics and models that keep up with changing data, it might be because you haven’t yet learned to think about data in terms of topics. In this module, learn how by solving a real-world, real-time problem!

Patrick Deziel
Nov 22, 2023

Building Real-Time Apps in Python with Ensign and Streamlit

Python may be the 2nd best language for everything, but it’s a favorite of data scientists worldwide, and delivers a world of functionality. Did you know you can even build customer-facing AI/ML apps with Python now? Learn how…

Prema Roman
Nov 20, 2023

PubSub 101 - Using the PyEnsign SDK

The Python SDK is the most popular way to use Ensign. In this module you will write some Python code to publish data to your project.

Patrick Deziel
Nov 17, 2023
Enter Your Email To Subscribe