diff --git a/aliases/available/cryptography.alias.bash b/aliases/available/cryptography.alias.bash
new file mode 100644
index 00000000..d7700b2e
--- /dev/null
+++ b/aliases/available/cryptography.alias.bash
@@ -0,0 +1,6 @@
+# shellcheck shell=bash
+
+alias ep="encrypt-payload"
+alias dp="decrypt-payload"
+alias enc="encrypt-payload"
+alias dec="decrypt-payload"
diff --git a/clean_files.txt b/clean_files.txt
index 758e3b80..2ef709b3 100644
--- a/clean_files.txt
+++ b/clean_files.txt
@@ -100,6 +100,7 @@ plugins/available/battery.plugin.bash
 plugins/available/blesh.plugin.bash
 plugins/available/cmd-returned-notify.plugin.bash
 plugins/available/colors.plugin.bash
+plugins/available/cryptography.plugin.bash
 plugins/available/direnv.plugin.bash
 plugins/available/dirs.plugin.bash
 plugins/available/docker-machine.plugin.bash
diff --git a/plugins/available/cryptography.plugin.bash b/plugins/available/cryptography.plugin.bash
new file mode 100644
index 00000000..ca657f58
--- /dev/null
+++ b/plugins/available/cryptography.plugin.bash
@@ -0,0 +1,66 @@
+# shellcheck shell=bash
+
+function encrypt-payload() {
+ PAYLOAD=$1
+ KEY=$2
+ ALGO=${3:-aes-256-cbc}
+
+ # exit with message if payload is empty string
+ if [[ -z "$PAYLOAD" ]]; then
+ echo "[x] Payload is empty!"
+ return 1
+ fi
+
+ # create random key if not provided
+ if [[ -z "$KEY" ]]; then
+ KEY=$(echo "$RANDOM$RANDOM" | md5sum - | head -c 13)
+ echo "[!] Key not provided, therefore choosen a random string -> $KEY" 1>&2
+ echo "[!] To hide this message, provide the key as second argument or redirect stderr to /dev/null" 1>&2
+ fi
+
+ if [[ -f "$1" ]]; then
+ # if payload file then encrypt with -in
+ OUTFILE=$(mktemp)
+ if ! openssl enc "-$ALGO" -a -A -e -pbkdf2 -pass pass:"$KEY" -in "$PAYLOAD" -out "$OUTFILE"; then
+ echo "[x] Something went wrong!"
+ rm -rf "$OUTFILE"
+ else
+ echo "[+] Saved the encrypted file to '$OUTFILE'"
+ fi
+ else
+ # if payload file then encrypt with stdin
+ echo -ne "$1" | openssl enc "-$ALGO" -a -A -e -pbkdf2 -pass pass:"$KEY"
+ fi
+}
+
+function decrypt-payload() {
+ PAYLOAD=$1
+ KEY=$2
+ ALGO=${3:-aes-256-cbc}
+
+ # exit with message if payload is empty string
+ if [[ -z "$PAYLOAD" ]]; then
+ echo "[x] Payload is empty!"
+ return 1
+ fi
+
+ # create random key if not provided
+ if [[ -z "$KEY" ]]; then
+ echo "[x] Key is empty!"
+ return 1
+ fi
+
+ if [[ -f "$1" ]]; then
+ # if payload file then encrypt with -in
+ OUTFILE=$(mktemp)
+ if ! openssl enc "-$ALGO" -a -A -d -pbkdf2 -pass pass:"$KEY" -in "$PAYLOAD" -out "$OUTFILE"; then
+ echo "[x] Something went wrong!"
+ rm -rf "$OUTFILE"
+ else
+ echo "[+] Saved the decrypted file to '$OUTFILE'"
+ fi
+ else
+ # if payload file then encrypt with stdin
+ echo -ne "$1" | openssl enc "-$ALGO" -a -A -d -pbkdf2 -pass pass:"$KEY"
+ fi
+}
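Review bot: The fallback key in encrypt-payload is derived from `$RANDOM$RANDOM`, which is two 15-bit draws, so it carries at most about 30 bits of entropy whatever md5sum does to it afterwards; it should come from the OpenSSL random generator instead. All four openssl calls pass the passphrase as `-pass pass:"$KEY"`, which places it in the process arguments where other local users can typically read it, and PAYLOAD, KEY, ALGO and OUTFILE are not `local`, so the key stays set in the interactive shell after the function returns. The failure branch ends on `rm -rf`, so both functions return 0 when openssl fails, and `echo -ne "$1"` expands backslash escapes in the payload before it is encrypted. The sketch below shows these changes for encrypt-payload; decrypt-payload needs the same changes apart from key generation, and its "create random key" and "encrypt with" comments should be corrected to describe decryption. Separately, `openssl enc` with the default aes-256-cbc provides no integrity protection, which is worth stating in the plugin's description.

```shell
function encrypt-payload() {
	# locals keep the passphrase out of the interactive shell's global scope
	local PAYLOAD=$1 KEY=$2 ALGO=${3:-aes-256-cbc} OUTFILE
	# … unchanged: empty-payload check …
	if [[ -z "$KEY" ]]; then
		# 128 bits from OpenSSL's CSPRNG rather than two $RANDOM draws
		KEY=$(openssl rand -hex 16) || return 1
		# … unchanged: the two stderr notices …
	fi
	if [[ -f "$PAYLOAD" ]]; then
		OUTFILE=$(mktemp) || return 1
		# env:KEY hands the passphrase over in the child's environment, not its argv
		if ! KEY="$KEY" openssl enc "-$ALGO" -a -A -e -pbkdf2 -pass env:KEY -in "$PAYLOAD" -out "$OUTFILE"; then
			echo "[x] Something went wrong!" >&2
			rm -f -- "$OUTFILE"
			return 1
		fi
		# … unchanged: success message …
	else
		# printf '%s' passes the payload through byte-for-byte
		printf '%s' "$PAYLOAD" | KEY="$KEY" openssl enc "-$ALGO" -a -A -e -pbkdf2 -pass env:KEY
	fi
}
```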