Minimalist, end-to-end encrypted, self-hostable file sharing service.
SkySend is a minimalist, self-hostable file sharing service with end-to-end encryption. Files are encrypted entirely in the browser using AES-256-GCM before they ever reach the server - the server stores only encrypted blobs and never has access to the decryption key.
No accounts required. No telemetry. No external dependencies. Just upload a file, get a link, share it. Links expire automatically after a configurable time or number of downloads.
Inspired by timvisee/send (the community fork of Mozilla Send), SkySend is built from scratch with higher security standards and a minimal, maintainable codebase.
- AES-256-GCM streaming encryption with 64KB record size
- HKDF-SHA256 key derivation with domain-separated keys (fileKey, metaKey, authKey)
- Zero Knowledge - the encryption key lives only in the URL fragment (`#`) and never leaves the browser
- Argon2id password protection via WASM with PBKDF2-SHA256 fallback
- Drag & Drop - files and folders
- Multi-File Upload - up to 32 files per upload, zipped client-side with fflate
- Folder Upload - entire directories via the folder picker
- Configurable Expiry - choose download limits and expiration times
- Password Protection - optional, GPU-resistant key derivation
- Share Links - copy and share with one click
- No Account Needed - upload history stored locally in IndexedDB
- Live Status - download counts, remaining downloads, expiry countdowns
- Manage Uploads - re-copy share links or delete uploads
- Auto-Cleanup - expired entries removed automatically
- Single Container - deploy with `docker compose up -d`
- Multi-Arch - AMD64 and ARM64 images
- Health Checks - built-in health endpoint at `/api/health`
- Configurable UID/GID - `PUID`/`PGID` for proper volume permissions
- Graceful Shutdown - handles SIGTERM cleanly
- `skysend-cli list` - show active uploads
- `skysend-cli delete <id>` - delete an upload
- `skysend-cli stats` - storage overview
- `skysend-cli cleanup` - trigger manual cleanup
- `skysend-cli config` - show current configuration
- Multi-Language - automatic browser language detection with English fallback
- Dark Mode - with automatic OS detection
- Rate Limiting - sliding window, per-IP
- Upload Quota - privacy-preserving with HMAC-hashed IPs and daily key rotation
- Responsive - mobile and desktop
Supported Platforms: AMD64 (x86_64) • ARM64 (aarch64)
```yaml
# docker-compose.yml
services:
  skysend:
    image: skyfay/skysend:latest
    container_name: skysend
    restart: always
    ports:
      - "3000:3000"
    volumes:
      - ./data:/data
      - ./uploads:/uploads
    environment:
      - BASE_URL=http://localhost:3000
      - PUID=1000
      - PGID=1000
      # All environment variables: https://docs.skysend.ch/user-guide/configuration/environment-variables
```

```bash
docker compose up -d
```

Open http://localhost:3000 in your browser.
📖 Full installation guide: docs.skysend.ch/user-guide/getting-started
| Component | Algorithm |
|---|---|
| Secret Key | 256-bit Random (32 Bytes) |
| Key Derivation | HKDF-SHA256 |
| File Encryption | AES-256-GCM, 64KB Record Size |
| Metadata Encryption | AES-256-GCM + Random IV |
| Nonce Handling | Counter-based (XOR) |
| Auth Token | HMAC-SHA256 |
| Password KDF | Argon2id (WASM) / PBKDF2-SHA256 (600k iterations) |
The complete crypto design is publicly documented at docs.skysend.ch/developer-guide/crypto.
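The HKDF domain separation and counter-XOR nonce handling from the table, sketched with the Web Crypto API as an added example (not SkySend's own code). The HKDF `info` labels, the salt, and the nonce layout (record counter XORed into the last four bytes of a 12-byte base nonce) are assumptions made for illustration; consult the linked crypto documentation for the actual design.

```javascript
// Added illustration; labels, salt and nonce layout are assumptions, not SkySend's values.
// Uses the global Web Crypto API (browsers, Node 19+); falls back to node:crypto in older CommonJS.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;
const RECORD_SIZE = 64 * 1024; // 64KB record size from the table above
const enc = new TextEncoder();

// HKDF-SHA256 with a distinct `info` label per purpose (domain separation).
async function deriveKeys(secret, salt) {
  const ikm = await subtle.importKey("raw", secret, "HKDF", false, ["deriveBits"]);
  const bits = (label) => subtle.deriveBits(
    { name: "HKDF", hash: "SHA-256", salt, info: enc.encode(label) }, ikm, 256);
  const [file, meta, auth] = await Promise.all(
    ["example-file", "example-meta", "example-auth"].map(bits)); // hypothetical labels
  return {
    fileKey: await subtle.importKey("raw", file, "AES-GCM", false, ["encrypt", "decrypt"]),
    metaKey: await subtle.importKey("raw", meta, "AES-GCM", false, ["encrypt", "decrypt"]),
    authKey: await subtle.importKey("raw", auth, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]),
    raw: { file, meta, auth }, // exposed only so the demo can compare the outputs
  };
}

// Per-record nonce: copy of the 96-bit base nonce with the counter XORed into bytes 8..11.
function recordNonce(baseNonce, counter) {
  const nonce = new Uint8Array(baseNonce);
  const view = new DataView(nonce.buffer);
  view.setUint32(8, view.getUint32(8) ^ counter);
  return nonce;
}

// Splits the plaintext into 64KB records and seals each under its own nonce.
async function encryptRecords(fileKey, baseNonce, plaintext) {
  const records = [];
  for (let off = 0, i = 0; off < plaintext.length; off += RECORD_SIZE, i++) {
    const chunk = plaintext.subarray(off, off + RECORD_SIZE);
    records.push(new Uint8Array(await subtle.encrypt(
      { name: "AES-GCM", iv: recordNonce(baseNonce, i) }, fileKey, chunk)));
  }
  return records;
}

// Decrypts record `i`; throws if the record was modified or moved to another position.
async function decryptRecord(fileKey, baseNonce, i, record) {
  return new Uint8Array(await subtle.decrypt(
    { name: "AES-GCM", iv: recordNonce(baseNonce, i) }, fileKey, record));
}
```

Decrypting a record at the wrong index fails the GCM tag check, so reordered records are rejected. This sketch does not mark the final record, so detecting truncation of the stream would need an additional mechanism.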
| Area | Technology |
|---|---|
| Runtime | Node.js 24 LTS |
| Backend | Hono |
| Frontend | Vite + React 19 + Shadcn UI |
| Database | SQLite (Drizzle ORM) |
| Crypto | Web Crypto API + Argon2id (WASM) |
| Validation | Zod |
| i18n | react-i18next |
| Docs | VitePress |
| Monorepo | pnpm Workspaces |
Full documentation is available at docs.skysend.ch:
- User Guide - Installation, configuration, usage
- Developer Guide - Architecture, crypto design, contributing
- Changelog - Release history
- Roadmap - Planned features
```bash
# Clone & install
git clone https://github.com/Skyfay/SkySend.git && cd SkySend
pnpm install

# Start dev server (all packages in parallel)
pnpm dev

# Run all checks (lint, typecheck, tests)
pnpm validate
```

For contribution guidelines, see the Developer Guide and CONTRIBUTING.md.
- 💬 Discord: Join our community at https://dc.skyfay.ch
- 📝 Documentation: Full guides at docs.skysend.ch
- 🐛 Issues: Report bugs or request features on GitHub Issues
- 📧 Support: General questions and support via support@skysend.ch
- 🔒 Security: Report vulnerabilities responsibly via security@skysend.ch (please do not open public issues for security reports)
The system architecture, cryptographic design, strict technology stack selection, and feature specifications for SkySend were entirely conceptualized and directed by a human System Engineer to solve real-world privacy challenges in file sharing.
The application code was generated by AI coding agents following detailed architectural specifications and coding guidelines. All features were manually tested for correctness, stability, and real-world reliability. Automated unit tests (Vitest) and static security audits complement the manual QA process.
SkySend is thoroughly tested and used in production, but a formal manual security audit by an external developer has not yet been completed. The entire cryptographic design is publicly documented to facilitate independent review. If you are a software developer or cybersecurity professional, your expertise is highly welcome! We invite the open-source community to review the code, submit PRs, and help us elevate SkySend to a fully verified standard.
Security Disclosure: If you discover a security vulnerability, please do not open a public GitHub issue. Instead, report it responsibly via email to security@skysend.ch.
GNU Affero General Public License v3.0 - Any hosted instance must release its source code.
