Magic Wormhole¶

Sometimes we need to securely send some files / information to other team member. It could be a public key cert, credentials, a ssh cert, an .env or config file. One of the most reliable and easy ways to do it is using Magic Wormhole. It's an amazing piece of engineering and it's mandatory to use it so we can keep ourselves safe. It's completely forbidden to share credentials over slack, whatsapp, etc.. See how twitter got hacked.

Wormhole is a CLI tool that easily allows you to send and receive files.

# installing
$ sudo apt install magic-wormhole

# sending a file
$ wormhole send credentials.txt

Sending 1.1 kB file named 'credentials.txt'
Wormhole code is: 14-indigo-ruffled
On the other computer, please run:

wormhole receive 14-indigo-ruffled

# receiving the file
$ wormhole receive 14-indigo-ruffled

Receiving file (1.1 kB) into: credentials.txt
ok? (y/N): y
Receiving (->tcp:192.168.0.146:39563)..
100%|█████████████████████████████████| 1.06k/1.06k [00:00<00:00, 5.20kB/s]
Received file written to credentials.txt

Further info and documentation can be found here and here.

Other clients¶

You can find a GUI based clients for Windows and Osx in this link.

Alternatives¶

As an alternative WebWormhole can be used. It's not compatible with magic-wormhole as it uses WebRTC but the model and implementation is secure as the previous one. It can be used from the web as well as the terminal. It also has a great GUI to transfer from your PC to/from your phone. See this review