Zero-Knowledge File Gateway
End-to-end encrypted file gateway as a SaaS — the server never sees plaintext.
- Fastify
- PostgreSQL
- Redis
- BullMQ
- TypeScript
Status & progress
Completed
- Backend core & API
- Zero-knowledge encryption
- Auth, roles & sessions
- Asynchronous upload pipeline
Open / next steps
- Web frontend
- Desktop client
- Public beta
Starting point
Sensitive documents needed to be shared between parties without the operator ever having access to the contents. Classic cloud storage does not meet that bar — providers could technically read along.
Solution
A gateway where encryption and decryption happen exclusively on the client. The server only stores ciphertext and metadata and never knows the keys. Authentication, roles and sessions run through a hardened auth layer; upload processing goes through an asynchronous job queue.
- Zero-knowledge architecture — keys never leave the client.
- Asynchronous pipeline for virus scanning, thumbnailing and expiry policies.
- Audit trail without content access, designed to be GDPR-compliant.
Result
A production-ready backend core that guarantees confidentiality while still offering the usual SaaS convenience (links, expiry dates, roles).
Sounds like something you need too?
Start a project