Whisper is used to securely distribute credentials that are too sensitive to send via plaintext.
Python HTML JavaScript Nginx CSS
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



Whisper is used to securely distribute credentials that are too sensitive to send via plaintext.


The data is entered and encrypted with AES using a supplied password. A link is created and can be sent to the other party, and the password can be provided to them by other means such as instant messaging or a phone call. The data can be set to delete after one viewing, one hour, one day, or one week. Any data will be deleted at a maximum of 30 days regardless of if it was retrieved. DynamoDB is used to store the data.

All encryption is done client-side, so no data is transmitted in plaintext. The only data stored in the DynamoDB table is the encrypted text, salted SHA256 hash, ID number, and date of expiration and creation.



The Docker image is available on Dockerhub:


Run the docker image:

    docker run --name whisper \
        -p 8000:8000 \
        -e SECRET_KEY=thi\$1smyC00L5ecr3t \
        -it viyh/whisper

DynamoDB Table

Create a DynamoDB table with a primary key of "id" (string). By default, this table should be named "whisper" but can be renamed if the DYNAMO_TABLENAME is set.

AWS Credentials

Setup an AWS user with read/write access to the DynamoDB table. The following policy can be used to create the least permissions necessary:

    "Version": "2012-10-17",
    "Statement": [
            "Effect": "Allow",
            "Action": [
            "Resource": [

The AWS credentials with access to the DynamoDB table can be supplied by either binding a ".aws" directory to "/root/.aws" or by setting the appropriate environment variables below.

For example:

    docker run --name whisper -p 8000:8000 -v $(pwd):/root/.aws -it viyh/whisper

Or with environment variables:

    docker run --name whisper -p 8000:8000 \
        -e AWS_DEFAULT_REGION=us-east-1 \
        -e SECRET_KEY=thi\$1smyC00L5ecr3t \
        -it viyh/whisper

Environment Variables

Any of these defaults can be overridden when running the Docker container.

  • WEB_URL - Default: http://localhost:8000 - The URL that links use.
  • WEB_PORT - Default: 8000 - The port for the WSGI service.
  • SECRET_KEY - Default: random, you should set this. - The secret key used when salting the password hashes specific to this container.
  • DYNAMO_TABLENAME - Default: whisper - The name of the DynamoDB table.
  • AWS_ACCESS_KEY_ID - Default (none) - The access key for AWS access.
  • AWS_SECRET_ACCESS_KEY - Default (none) - The secret key for AWS access.
  • AWS_DEFAULT_REGION - Default: (none) - The region with the DynamoDB table.
  • DEBUG - Default: False - Turn on debugging.


Browse to the WEB_URL, such as http://localhost:8000 by default.

Enter the text data to be secured and a password used to encrypt it. After the "Get link" button is clicked, a URL is created which can be sent via any plaintext method. The password can also be given to the recipient but should be transimitted via a different means, such as on the phone or instant message.

The recipient can browse to the link and enter the password to retrieve the text data.



Joe Richards nospam-github@disconformity.net


MIT License