Hoodik is a lightweight, self-hosted cloud storage solution built with Rust and Vue.js that prioritizes end-to-end encryption to protect user data from server-side access. Designed for privacy-conscious individuals and teams, it encrypts files on the client side before upload and decrypts them only on the recipient’s device. Unlike traditional cloud storage services, Hoodik ensures that even administrators cannot access file contents — only encrypted metadata and encrypted keys are stored on the server. This makes it ideal for users who need to store sensitive documents, personal backups, or share files securely without relying on third-party cloud providers. The app supports both SQLite and PostgreSQL backends, offers a web-based interface for file management, and includes features like public file links with encrypted key sharing.
What You Get
- End-to-end encryption - Files are encrypted with AES-128a (Ascon) on the client before upload; only encrypted chunks and encrypted AES keys are stored on the server. Decryption occurs solely on the user’s device.
- Hybrid RSA-AES encryption - Each user gets a 2048-bit PKCS#1 RSA key pair. The AES file key is encrypted with the user’s public key and stored securely, ensuring only the owner (with passphrase) can decrypt files.
- Secure public file sharing - Shared links encrypt file metadata and the original AES key with a temporary link key, which is itself encrypted with the owner’s RSA key. The link key is never stored on the server and must be provided via URL fragment or client input.
- Searchable encrypted metadata - File names and metadata are tokenized, hashed, and stored as tokens. Searches perform the same transformation locally to match encrypted data without exposing plaintext.
- Chunked file storage - Files are split into chunks, each encrypted individually to enable concurrent uploads/downloads and reduce encryption overhead.
- Server-side fallback encryption - Optional server-based decryption is available for low-power devices, though it’s intended as a rare exception to maintain E2E security.
- Docker-based deployment - Easy containerized setup with configurable environment variables for data directory, SSL certificates, and SMTP mailer integration.
Common Use Cases
- Building a private cloud backup system - Users with sensitive personal documents (tax records, medical files) use Hoodik to back up data without trusting cloud providers with plaintext.
- Sharing confidential files securely - Legal or healthcare teams share encrypted documents via public links without exposing file keys, ensuring compliance with data protection regulations.
- Privacy-focused individuals avoiding Google Drive/OneDrive - Users concerned about corporate surveillance or data mining replace commercial cloud services with a self-hosted, encrypted alternative.
- DevOps teams managing internal file transfers - Teams deploying Hoodik internally use it for secure, auditable file sharing between developers and QA teams without exposing files to external servers.
Under The Hood
The Hoodik project is a full-stack web platform that combines Rust-powered backend services with a Vue.js and TypeScript frontend, emphasizing security, modularity, and developer experience. It provides a comprehensive solution for authentication, configuration management, and file handling with a focus on performance and extensibility.
Architecture
This project adopts a monolithic architecture with clear separation of concerns, structured around Rust crates and a layered system design.
- The backend is organized into modular Rust components that encapsulate functionality such as authentication, configuration, and encryption
- The frontend uses Vue.js with TypeScript to deliver a responsive UI that integrates seamlessly with backend services
- A layered approach is evident in how modules interact, supporting scalable and maintainable code organization
Tech Stack
Built with a multi-language approach, the system leverages modern tools and frameworks to support robust and scalable development.
- The backend is powered by Rust, utilizing Actix Web for HTTP handling and JWT for secure session management
- The frontend is developed using Vue.js and TypeScript, ensuring type safety and a dynamic user interface
- The project integrates Docker for containerization, Vite for frontend builds, and Cypress for end-to-end testing
- CI/CD pipelines and linting configurations are in place to support automated quality checks and deployment workflows
Code Quality
Code quality varies across modules, with a strong emphasis on testing and error handling but some inconsistencies present.
- A wide range of tests is implemented across both backend and frontend, including unit, integration, and end-to-end testing
- Error handling practices are consistent with widespread use of try/catch patterns and structured logging
- Code style is mostly consistent, though some areas show signs of technical debt and reduced adherence to standards
- Linting and documentation are configured, supporting maintainability and clarity in development practices
What Makes It Unique
This project distinguishes itself through its hybrid architecture and security-first approach that blends Rust and JavaScript ecosystems.
- The combination of high-performance Rust services with a modern Vue.js frontend enables a unique balance between speed and usability
- Authentication flows are built with extensible contracts, supporting features like two-factor authentication and session management
- Security is a core focus with Rust-based cryptography, JWT handling, and fine-grained access controls
- The system provides a developer-friendly configuration layer and comprehensive test coverage that enhances maintainability