A desktop file manager for S3-compatible storage.
Quick Start • Features • Docs • Security
Tip
S3 stands for Simple Storage Service — Lopload holds it to that. Add credentials for one or more storage connections, then drag files in like any other file manager — Windows, macOS, and Linux: just folders and files.
bun install
bun run tauri devTip
bun run dev starts Vite in a plain browser tab, but the app only renders a
"requires the desktop app" notice there — the real S3/keychain/transfer
stack needs the Tauri webview. Use bun run tauri dev to run the app.
| Platform | Download |
|---|---|
| macOS (Apple Silicon) | .dmg |
| Windows (x64) | .msi (installer) · .exe (portable) |
| Linux (x64) | .deb · .rpm · .AppImage |
Download from the releases page.
Note
macOS builds are not notarized yet, so Gatekeeper will warn on first launch.
Right-click the app → Open (once), or clear the quarantine flag:
xattr -dr com.apple.quarantine /Applications/Lopload.app
- Verified uploads — every file is checked after transfer: local MD5 vs server ETag. A network hiccup that truncates a transfer can never produce a false "done."
- Sticky failures — failed transfers stay visible until you act on them. No auto-dismiss, no silent retry.
- Multi-connection — switch between storage endpoints. Each remembers its last-browsed folder.
- Recoverable trash — deletes move files to a Trash you can restore from, instead of destroying them immediately.
- Share links — generate a presigned link with a picked expiry, right from the file row.
- Drag-and-drop moves — drag files onto folders or breadcrumbs to move them, with a live drop-target indicator.
- Follows system theme — light/dark follows the OS by default, with a manual toggle in the header.
Tip
Production build — bun run tauri build always stores credentials in the native OS keychain (macOS Keychain / Windows Credential Manager / Linux Secret Service). No env vars, no config, no prompts.
Lopload checks GitHub Releases for a new version on startup (and at most every 24h while it stays open), and offers a "restart to update" prompt — never a forced/silent update. Updates are signed with a minisign keypair and verified before install — the public key ships in src-tauri/tauri.conf.json; there's no paid code-signing certificate involved.
Running a fork? One-time signing setup
Tagged release builds (v*) sign updater artifacts with a private key held in this repo's CI secrets, so a fork needs its own keypair:
-
Generate the keypair (once, on your machine — never commit the private key):
bunx tauri signer generate -w ~/.tauri/lopload.keyThis prints a public key and writes the private key to
~/.tauri/lopload.key. Optionally pass-pto set a password on the private key. -
Paste the public key into
src-tauri/tauri.conf.json→plugins.updater.pubkey, and pointplugins.updater.endpointsat your fork's releases. -
Add GitHub Actions secrets (repo → Settings → Secrets and variables → Actions):
TAURI_SIGNING_PRIVATE_KEY— the contents of~/.tauri/lopload.keyTAURI_SIGNING_PRIVATE_KEY_PASSWORD— only if you set a password in step 1
Everyday push/PR builds pass --no-sign and work without any of this; only tag builds need the secrets.
- Credentials live only in the OS keychain. Never in SQLite, config files, or logs.
- All S3 requests go through Rust via
@tauri-apps/plugin-http. No CORS, no proxy, no third-party relay. - Error messages shown to the user are plain sentences. Raw SDK or XML error text never reaches the UI.
- Found a vulnerability? Report it privately — see
SECURITY.md. - Documentation (coming soon)
See CONTRIBUTING.md to get started, and AGENTS.md for architecture, commands, and conventions.
