It's a secure box for your secrets.
Only you can get the files you put in.
The primary directive of the app is to protect data at rest at any cost.
It is built as a response to cloud storage threats: all data remains local under
your control.
It is engineered to withstand a full host compromise — including illicit
filesystem access or even the physical loss of the device. Without the secret
key, an attacker may read encrypted data on disk but cannot reconstruct the
originals. Neither thieves, hackers, governments, nor AI can access your data.
First privacy, then everything else
It installs on any hardware you prefer and works locally with role-based access.
Stored files remain secure and fully protected from external interference.
Isolated workspace
No internet required. There is no implicit data traffic, analytics collection, cloud services, or AI.
Protected storage
Stored data is fully encrypted and managed only through the REST API with authentication.
Restricted access
Role-based access minimizes accidental or malicious data modification and loss.
Multi-factor authentication
Multi-factor authentication with one-time codes is used as an additional line of defense.
Strong inside, simple outside
Comes with a default web client for immediate use, while the core remains open for seamless replacement with a custom frontend at any time.
Not just storage — a fortress within
Files are encrypted, filenames are obfuscated, and metadata is hidden by design.
Even if storage is stolen or exposed, without the key data remains unreadable.
1. Upload gateway
Uploaded files are routed to storage that is protected by gocryptfs.
2. Automated encryption
The gocryptfs cipher enforces encryption for all data written inside.
3. Masked filenames
File and folder names are transparently obfuscated and unreadable.
4. Shielded metadata
The database, revisions, and thumbnails are kept entirely inside the encrypted storage.
5. Secret-key protection
Encrypted data is visible on disk but cannot be decrypted without the secret key.
Treat data gently
Built-in mechanisms preserve data consistency and prevent accidental corruption within storage.
Version history
With head-based versioning, the latest file state is the head; earlier revisions are retrievable.
Per-file metadata
Includes file metadata, descriptions, automatic thumbnails, cross-field search.
Smart locks
Flexible locking protects files from accidental corruption under multi-user access.
Read-only mode
When read-only mode is enabled for a folder, files within it cannot be modified.
Many eyes, few hands
Predefined roles control who can view, add, or edit content.
This protects sensitive data while enabling collaboration.
Reader
Can only view existing data. Cannot create, change, or delete anything.
Author
Can view and create data, but cannot change or delete anything.
Editor
Can view, create and change data, but cannot delete anything.
Admin
All operations on data and all service functions are available.
To protect at any cost or destroy forever
All operations rely on a secret key. If it is removed, access is instantly disabled.
Deleting files irreversibly removes their metadata, revisions, and thumbnails.
Secret key protection
A single secret key governs access. Removing it instantly locks all data, making it inaccessible. The key can be hot-removed without restarting the app.
Irreversible deletion
Deletions irreversibly wipe files, revisions, and thumbnails, preventing post-deletion recovery (consider the specifics of SSDs and copy-on-write filesystems).
Pure logic, clear mechanics
The core follows a clean, predictable internal logic — built on a microkernel pattern that allows full extension through add-ons.
The app ships with a default web client, which can be swapped out for a custom one. Both interact with the public API.
The public API serves as the unified point for all actions with the data. It operates only when the secret key is mounted.
The secret key is generated randomly on first launch. It is kept in a dedicated volume which can be hot-unmounted without stopping the app.
The storage is built on a zero-knowledge model: it manages encrypted files without knowing their contents. The encrypted-data volume is available for migrations and emergency recovery; without the secret key it is just opaque blobs.
One app that adapts to you
Run it solo, share with a team, or integrate as a secure data node.
Or combine these modes seamlessly to match your workflow.
Standalone
The app can be installed on a personal computer
or laptop and used by a single user.
Teamwork
Multiple approved users can access the app when it
is installed on a device used within a local network.
Repository
Third-party programs or services can utilize the app's
API to manage data from extra sources.
Third-party software welcome
The app integrates seamlessly with accounting systems, help desks,
external scripts, bots, and other third-party software and services.
REST API documentation (Swagger UI) is available at http://localhost/docs for interactive browsing and testing.
Two-step authentication with full support for MFA one-time passwords using standard authenticator apps.
Users can be registered, have their personal information updated, their access rights managed, and their profile pictures uploaded, ensuring that all standard user operations are supported.
Folders allow organizing files into a clear, hierarchical structure for easier navigation and management. The folder structure is flat; nested folders are not supported.
Files can include an additional summary and custom tags for faster search and filtering. When a file with the same name is uploaded again, it is not simply overwritten — a new revision is created and the full history of changes is preserved.
What's under the hood
The project is based on stable and widely adopted technologies,
making it easy to maintain, extend, and customize when needed.
Fully async framework
Powered by FastAPI to deliver fully asynchronous performance.
Reliable encryption
gocryptfs keeps data encrypted and unreadable without the secret key.
Lightweight database
Backed by SQLite for lightweight, file-based storage — no external DB.
Rapid cache
Redis in-memory cache boosts speed and reduces database load.
FastAPI, gocryptfs, SQLite, and Redis are trademarks of their respective
owners. Use is for identification only and does not imply endorsement.
Questions and answers
How to change the location of the secret key?
The secret key can be stored at any path accessible to the app — for example,
a network folder, USB drive, or any local directory. To change the default
location, update the GOCRYPTFS_PASSPHRASE_PATH variable in the .env file,
move the secret key to the new path and restart the app.
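A pre-start check for the key location set in the .env file, as an added example that is not part of the app's own code. It assumes plain KEY=value lines in .env; the function names and the data_dir parameter are hypothetical.

```python
import stat
from pathlib import Path

ENV_NAME = "GOCRYPTFS_PASSPHRASE_PATH"  # variable name taken from the page


def read_env_value(env_file, name):
    """Return the value of `name` from a KEY=value .env file, or None."""
    for raw in Path(env_file).read_text().splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == name:
            return value.strip().strip("'\"") or None
    return None


def audit_secret_key(env_file, data_dir):
    """Return findings about the secret key file; an empty list means OK.
    data_dir (hypothetical parameter) is where the encrypted data lives."""
    configured = read_env_value(env_file, ENV_NAME)
    if configured is None:
        return [f"{ENV_NAME} is not set"]
    key = Path(configured)
    try:
        info = key.lstat()  # lstat: a symlink is reported, not followed
    except FileNotFoundError:
        return [f"{key}: missing, the API cannot operate without the key"]
    findings = []
    if not stat.S_ISREG(info.st_mode):
        findings.append(f"{key}: not a regular file")
    elif info.st_size == 0:
        findings.append(f"{key}: empty file")
    elif info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{key}: accessible to group/others, use mode 0600")
    # A key kept next to the ciphertext travels with every copy of the data.
    if Path(data_dir).resolve() in key.resolve().parents:
        findings.append(f"{key}: stored inside the encrypted data directory")
    return findings


if __name__ == "__main__":
    import tempfile
    root = Path(tempfile.mkdtemp())  # constructed sample layout
    (root / "data").mkdir()
    (root / "data" / "key").write_text("constructed-passphrase")
    (root / ".env").write_text(f"{ENV_NAME}={root / 'data' / 'key'}\n")
    print(audit_secret_key(root / ".env", root / "data"))
```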
How to restore the secret key?
It cannot be restored if lost. Make sure you have a copy of the secret key stored
in a safe place — losing it means losing access to all data.
How to migrate data between apps?
To migrate data, you'll need two things: the encrypted data (volume hidden-data),
and the secret key (volume hidden-secrets).
Copy the contents of both volumes to a new place and restart the app.
How to integrate the app into an existing workflow?
The app provides a public HTTP API.
You can use the API to create, read, update, and delete data, manage files, or trigger specific operations from external systems.
Integration can be performed using any language or tool that supports HTTP requests.