hoodik

Self-hosted, end-to-end encrypted cloud storage with browser-based encryption and S3-compatible storage support

1.3Kstars
62forks
Custom / Unknown
Rust

Hoodik is a lightweight, self-hosted cloud storage server built for users who demand provable privacy: all encryption and decryption happens in the browser before any data leaves your machine, meaning the server only ever handles opaque encrypted blobs. Built with Rust on Actix-web and Vue 3 on the frontend, it delivers a polished file management experience without sacrificing the security guarantees of client-side cryptography.

The encryption model uses a hybrid RSA-2048 plus AEGIS-128L scheme, with the same cryptographic logic shared between the Rust backend and a WASM module running in the browser — eliminating the class of implementation divergence bugs common in client/server systems. File metadata is tokenized and hashed so search works server-side without ever exposing plaintext filenames, and public sharing links store the decryption key only in the URL fragment, invisible to the server and server logs.

Beyond file storage, Hoodik now includes encrypted notes with a Milkdown WYSIWYG Markdown editor, applying the same E2E encryption model to rich text content. Storage backends are pluggable: run entirely on local disk or redirect encrypted chunks to any S3-compatible service — AWS S3, MinIO, Backblaze B2, or Wasabi — with a single environment variable change.

Deployment is a single Docker container with multi-architecture support (amd64, armv6, armv7, arm64). SQLite works out of the box; PostgreSQL is available for multi-user or high-throughput deployments. The admin dashboard covers user management, session control, and application settings, making Hoodik a complete self-hosted alternative to commercial cloud drives.

What You Get

  • End-to-end encrypted file storage - Files are encrypted chunk-by-chunk in the browser using a hybrid RSA-2048 plus AEGIS-128L scheme before upload; the server stores only ciphertext and the encrypted file key, so even a compromised server cannot read your files.
  • Encrypted notes with WYSIWYG editor - Create and edit rich Markdown notes using the Milkdown editor; note content is encrypted with the same E2E model as files, auto-saved, and searchable — all without exposing plaintext to the server.
  • Privacy-preserving search - File and note metadata is tokenized and hashed client-side before being sent to the server; search queries go through the same transformation and are matched against stored hashes, enabling search functionality with zero plaintext server-side.
  • Secure public sharing links - Share files via generated URLs where the decryption key is appended as a URL fragment; the server never sees the key, and the recipient’s browser decrypts the file locally using that fragment.
  • S3-compatible storage backend - Store encrypted chunks on any S3-compatible service (AWS S3, MinIO, Backblaze B2, Wasabi) via environment variables, with a built-in migration command to move existing local data to S3 without data loss.
  • TOTP two-factor authentication - Optional per-user TOTP-based 2FA adds a second layer of access control beyond passwords and session tokens.
  • Chunked concurrent transfers - Large files are split into independently encrypted chunks that upload and download concurrently, improving performance and resilience on slow or unstable connections.
  • Admin dashboard - Manage users, active sessions, invitations, and application-wide settings through a built-in admin interface, with support for both invitation-based and open registration flows.

Common Use Cases

  • Privacy-first personal cloud replacement - A developer replaces Dropbox or iCloud with Hoodik on a VPS to retain full control of encryption keys and data residency, using the Android app for mobile access and public links for occasional sharing.
  • Secure document archive for regulated work - A freelance lawyer stores confidential client contracts and case files on a home server running Hoodik, ensuring files remain encrypted at rest and in transit with no third-party cloud vendor touching the data.
  • Encrypted knowledge base for small teams - A small startup uses the encrypted notes feature to maintain internal runbooks and meeting notes that only team members with valid RSA keys can read, synced through a shared Hoodik instance.
  • Offsite encrypted backup on S3 - A self-hoster configures Hoodik with a Backblaze B2 bucket as the storage backend, getting the cost efficiency of object storage while keeping all chunks end-to-end encrypted so Backblaze never sees plaintext data.
  • Air-gapped secure photo archive - A photographer hosts Hoodik on a local network NAS to store full-resolution client photos with E2E encryption, sharing specific albums via URL fragment links without granting direct server access.

Under The Hood

Architecture Hoodik is organized as a Rust Cargo workspace with sixteen purpose-specific crates — auth, storage, transfer, cryptfns, entity, migration, config, admin, and others — each responsible for a single domain and assembled into one binary by the top-level hoodik crate. The backend follows a clear layered structure where Actix-web routes delegate to action functions, actions coordinate business logic and call repositories, and SeaORM repositories handle persistence. Dependency injection is explicit and struct-based rather than relying on a runtime container, keeping contracts visible at compile time. A shared cryptfns crate compiles to both native Rust for server-side operations and a WASM module for browser-side encryption, ensuring the same cryptographic code runs in both environments. The backend serves the compiled Vue 3 frontend as static files, making the entire application deployable as a single self-contained binary inside a Docker container.

Tech Stack The backend runs on Actix-web 4.11 with SeaORM 1.1 for async database access across both SQLite and PostgreSQL. The cryptographic stack is broad: RSA-2048 via the rsa crate, AEGIS-128L and ChaCha20-Poly1305 for symmetric encryption, Ascon-128a as an additional cipher option, bcrypt for password hashing, and JWT with jsonwebtoken for session management. The cryptfns crate produces a WASM binary using wasm-pack, enabling the browser to run the same Rust cryptography via SIMD128-accelerated AEGIS. Email is handled by Lettre with Handlebars templates. Object storage uses the rust-s3 crate for S3-compatible backends. The frontend is Vue 3 with Pinia for state management, Vite for builds, TypeScript throughout, Tailwind CSS for styling, and Milkdown for the rich-text note editor. Playwright covers end-to-end browser tests while Vitest handles frontend unit tests.

Code Quality Testing is comprehensive across multiple layers. Rust integration tests in the hoodik crate spin up a real Actix-web server against an in-memory database and exercise auth flows, file storage, TAR-format bulk uploads, link sharing, legacy routing, and email verification. Frontend unit tests with Vitest validate RSA key generation, AES and ChaCha20 cipher operations, the tokenizer, markdown save behavior, and link handling. End-to-end Playwright tests cover registration, file upload and download, notes creation, link sharing, version display, and password change flows. Error handling uses thiserror-derived custom error types propagated uniformly as AppResult throughout the Rust codebase. Type safety is strong on both sides: SeaORM provides compile-time schema validation in Rust, and TypeScript with strict mode enforces types across the Vue frontend. Inline comment density is sparse in many Rust modules, though the detailed DEVELOPMENT.md guide and thorough README compensate for onboarding.

What Makes It Unique The most technically distinctive aspect is the shared cryptfns crate that compiles identically to native Rust and WASM, guaranteeing that the browser and server execute the exact same cryptographic logic without any risk of implementation drift. The tokenized search system transforms file and note metadata into hashed tokens before they ever leave the browser, achieving useful search functionality without storing any plaintext names on the server — a privacy-preserving approach that runs entirely within a single Docker container without external search infrastructure. The URL-fragment-based key distribution for public sharing links ensures the share key is only ever handled by the sender’s and recipient’s browsers, never transmitted in a server request or logged. The addition of encrypted notes through the Milkdown WYSIWYG editor extends the same E2E encryption model from binary files to structured text content, making Hoodik a more complete private knowledge and file management system.

Self-Hosting

Hoodik is released under the Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) license. This license permits free personal, academic, and non-profit use with attribution, and allows modification and redistribution — but it explicitly prohibits commercial use without a separate agreement. If you or your organization intends to use Hoodik as part of a product or service that generates revenue, you must contact the author to arrange a commercial license. This is an important distinction for developers evaluating it as a component in a SaaS offering or internal enterprise tool: the license restriction applies to commercial deployment, not just resale.

Running Hoodik yourself requires a server with Docker support — the typical deployment is a single container behind a reverse proxy like Nginx Proxy Manager, with a mounted data volume for the SQLite database and local file chunks (or S3 credentials if using object storage). TLS is required and either auto-generated via self-signed certificates or supplied from your own CA. You are responsible for all operational concerns: backups of the SQLite database and local chunk directory, container updates when new versions are released, monitoring uptime, and configuring JWT_SECRET to prevent session invalidation on restart. The S3 storage backend offloads chunk durability to your chosen object storage provider, but the database still requires separate backup. PostgreSQL is available for teams needing concurrent access at scale, adding database operational burden. The Android app is maintained by the same author on the Play Store.

There is no hosted or managed version of Hoodik, and the project does not offer paid support tiers, SLAs, or enterprise contracts beyond the commercial license arrangement. What you gain from self-hosting is genuine end-to-end encryption with full key control — no vendor can access your data or hand it over to a third party. What you give up compared to services like Dropbox or MEGA is managed infrastructure, cross-platform native desktop clients, guaranteed uptime, and formal support channels. The project is actively maintained with frequent releases, but it is a solo-author open source project, which means the pace of bug fixes and feature development depends on one contributor.

Join founders buildingwith open source

Opinionated takes, migration guides, cost-saving tips, and insights from the open source ecosystem.

Subscribe on Substack

No spam. Unsubscribe anytime.

Join 750+ subscribers
No spam. Unsubscribe anytime.

Search