Skip to content

anxhukumar/hashdrop

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

181 Commits
.github
.github
 
 
cli
cli
 
 
docs
docs
 
 
scripts
scripts
 
 
server
server
 
 
.gitignore
.gitignore
 
 
Caddyfile
Caddyfile
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

Hashdrop

CI Go Version Encryption CLI License

A zero-trust, command-line file storage tool built in Go. Files are encrypted on your device before upload — the server and storage layer only ever see encrypted blobs. Your plaintext data never touches the server.

Demo

How It Works

  1. Encrypt locally — files are encrypted on your machine before anything leaves it
  2. Upload safely — only the encrypted blob reaches cloud storage (AWS S3)
  3. Share a link — recipients get a signed download URL to access the encrypted file
  4. Decrypt on their end — the recipient uses the shared key or passphrase to decrypt and verify the file

Features

  • Client-side AES-GCM encryption — each file gets its own unique Data Encryption Key (DEK)
  • Token-based authentication — JWT access tokens with revocable refresh tokens
  • Integrity verification — plaintext hash stored at upload time so tampering can be detected
  • Local vault — encryption keys stored in an AES-GCM encrypted vault at ~/.hashdrop/vault.enc
  • Passphrase mode — opt out of the vault and manage your own passphrase instead

Architecture

Hashdrop system architecture diagram

Hashdrop has two main components:

CLI — a Go Cobra-based client that handles encryption, uploads, downloads, decryption, and local key and token management.

API Server — a Go HTTPS server running on AWS EC2 behind a reverse proxy. It handles authentication, file metadata, presigned S3 upload URLs, signed CloudFront download URLs, and abuse prevention.

For a full breakdown see the Architecture doc.

Installation

go install github.com/anxhukumar/hashdrop/cli/cmd/hashdrop@latest

See the Installation guide for full setup instructions and troubleshooting.

Quick Start

# Register and verify your account
hashdrop auth register

# Log in
hashdrop auth login

# Upload a file
hashdrop upload ./secret.pdf

# List your files
hashdrop files list

# Decrypt and download a file
hashdrop decrypt <download-url>

See the CLI Usage guide for the full command reference.

Tech Stack

  • Go — server and CLI
  • AWS EC2 — server hosting
  • AWS S3 — encrypted object storage
  • AWS CloudFront — signed URL delivery
  • AWS SES — OTP email delivery
  • SQLite — embedded metadata storage
  • sqlc — type-safe SQL query generation
  • Caddy — reverse proxy and HTTPS termination

Documentation

Full documentation is available at hashdrop.dev.

License

Copyright 2026 Anshu Kumar

Licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

About

A zero-trust, command-line tool for secure file storage and sharing.

hashdrop.dev/

Resources

Readme

License

View license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

4 tags

Contributors

Languages