{"id":13471538,"url":"https://github.com/ItalyPaleAle/prvt","last_synced_at":"2025-03-26T13:31:19.628Z","repository":{"id":39084177,"uuid":"245756099","full_name":"ItalyPaleAle/prvt","owner":"ItalyPaleAle","description":"🔐 Personal, end-to-end encrypted storage that works through your browser","archived":false,"fork":false,"pushed_at":"2023-09-15T13:12:19.000Z","size":13576,"stargazers_count":118,"open_issues_count":15,"forks_count":5,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-03-16T07:11:25.722Z","etag":null,"topics":["cloud-storage","encryption","end-to-end-encryption","storage"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ItalyPaleAle.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-03-08T05:12:13.000Z","updated_at":"2025-03-12T21:19:52.000Z","dependencies_parsed_at":"2024-01-16T06:09:03.137Z","dependency_job_id":"0cd7884a-9893-4e5c-8f74-d0a93bc109a3","html_url":"https://github.com/ItalyPaleAle/prvt","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ItalyPaleAle%2Fprvt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ItalyPaleAle%2Fprvt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ItalyPaleAle%2Fprvt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ItalyPaleAle%2Fprvt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ItalyPaleA
le","download_url":"https://codeload.github.com/ItalyPaleAle/prvt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245662855,"owners_count":20652095,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-storage","encryption","end-to-end-encryption","storage"],"created_at":"2024-07-31T16:00:46.377Z","updated_at":"2025-03-26T13:31:16.106Z","avatar_url":"https://github.com/ItalyPaleAle.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# prvt\n\n**Personal, end-to-end encrypted cloud storage.**\n\nprvt lets you store files on the cloud or on local directories, protected with strong end-to-end encryption, and then conveniently view them within a web browser. 
You can leverage cloud-based object storage services (such as AWS S3 or Azure Storage) as a personal, general-purpose cloud storage service, with full end-to-end encryption.\n\nFeatures:\n\n- Runs on all platforms: Windows, Linux, macOS.\n- Uses industry-standard, strong, authenticated encryption algorithms.\n- Supports storing files on [Azure Blob Storage](https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-overview), [AWS S3](https://aws.amazon.com/s3/), other S3-compatible services, and on a local folder.\n- Conveniently browse files using a web browser, displaying supported files (images, videos, PDFs, etc) within the browser itself.\n- Supports optional GPG keys or security tokens (such as a smart card or a YubiKey) to restrict access to your data.\n\nprvt is free software, released under GNU General Public License version 3.0.\n\n![The prvt web-based file viewer](./screenshot.png)\n\n# Installation\n\n## Important: do not use go get\n\n**Do not fetch prvt using `go get`!** prvt requires some additional steps to be compiled. See below for [building from source](#building-from-source). \n\n## Homebrew on macOS\n\nThe simplest way to install prvt on macOS is to use the Homebrew package manager. prvt is distributed as a Cask:\n\n```sh\nbrew cask install italypaleale/tap/prvt\n```\n\n## Pre-compiled binaries\n\nYou can download a pre-compiled binary for Windows, macOS, and Linux. Check out the [Releases](https://github.com/ItalyPaleAle/prvt/releases) section.\n\nAfter downloading the archive for your operating system and architecture, extract it and copy the binary anywhere on your system.\n\n\u003e **Note for macOS:** The pre-compiled binary is not signed with an Apple developer certificate, and recent versions of macOS will refuse to run it. 
You can fix this by running:\n\u003e\n\u003e ```sh\n\u003e # Use the path where you downloaded prvt to\n\u003e xattr -rc /path/to/prvt\n\u003e ```\n\u003e\n\u003e This step is not necessary if you're using Homebrew.\n\n# Using prvt\n\n## Initialize the repository\n\nBefore you can use prvt, you need to initialize a repository. This is done with the `prvt repo init` command:\n\n```sh\nprvt repo init --store \u003cstring\u003e\n```\n\nYou will be prompted to set a passphrase, which will be used to encrypt and decrypt all files.\n\nThe store flag tells prvt where to keep your files. It's a string that starts with the name of the store, followed by a provider-specific configuration.\n\nSupported stores at the moment are:\n\n- For **Azure Blob Storage**, use `azure:` followed by the name of the container, for example `azure:myfiles`. The container must already exist. Additionally, set the following environmental variables to authenticate with Azure Storage: `AZURE_STORAGE_ACCOUNT` with the storage account name, and `AZURE_STORAGE_ACCESS_KEY` with the storage account key.\n- For **AWS S3**, use `s3:` followed by the name of the bucket, for example `s3:myfiles`. The bucket must already exist. Additionally, set the following environmental variables to authenticate with S3: `AWS_ACCESS_KEY_ID` with the access key id, and `AWS_SECRET_ACCESS_KEY` with the secret access key.\n- For other **S3-compatible services**, use the `s3:` prefix and the bucket name, just like for AWS S3, and set the access key id and the secret key with the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environmental variables. Next, set the endpoint of the service with the `S3_ENDPOINT` environmental variable (if not set, that defaults to AWS S3 at `s3.amazonaws.com`). 
By default, prvt uses TLS for accessing S3-compatible services, but that can be disabled by setting the environmental variable `S3_TLS=false`.\n- For storing on a **local folder**: use `local:` and the path to the folder (absolute or relative to the current working directory). For example: `local:/path/to/folder` or `local:subfolder-in-cwd`.\n\nFor example, to store files locally in a folder called \"repo\" (in the current working directory):\n\n```sh\nprvt repo init --store local:repo\n```\n\nTo store on Azure Blob Storage in a storage account called \"mystorageacct\" and in the \"myrepo\" container:\n\n```sh\nexport AZURE_STORAGE_ACCOUNT=mystorageacct\nexport AZURE_STORAGE_ACCESS_KEY=...\nprvt repo init --store azure:myrepo\n```\n\nTo store on AWS S3 in a bucket called \"mybucket\":\n\n```sh\nexport AWS_ACCESS_KEY_ID=...\nexport AWS_SECRET_ACCESS_KEY=...\n# For using other S3-compatible services, set also `export S3_ENDPOINT=some.service.com`\nprvt repo init --store s3:mybucket\n```\n\n## Add files\n\nYou can now add files to the repository, using the `prvt add` command:\n\n```sh\nprvt add \u003cfile\u003e [\u003cfile\u003e ...] --store \u003cstring\u003e --destination \u003cstring\u003e\n```\n\nYou can add multiple files and folders, which will be added recursively.\n\nThe destination flag is required and it's the path in the repository where you want your files to be added; it must begin with a slash (`/`).\n\nFor example, to add the folder \"photos\" from your desktop:\n\n```sh\nprvt add ~/photos --store local:repo --destination /\n```\n\n## View files in the browser\n\nprvt offers a browser-based interface to view your (encrypted) files, by running a local server. You can start the server with:\n\n```sh\nprvt serve --store \u003cstring\u003e\n```\n\nBy default, the server starts at http://127.0.0.1:3129. You can configure what port the server listens on with the `--port` flag. 
If you want to enable remote clients to access the server, use the `--address 0.0.0.0` flag.\n\nYour browser will try to display supported files within itself, such as photos, supported videos, PDFs, etc. When trying to open other kinds of files, you'll be prompted to download them.\n\n## Delete files from the repository\n\nYou can remove files from the repository with:\n\n```sh\nprvt rm \u003cpath\u003e --store \u003cstring\u003e\n```\n\nWhere the path is the path of the file or folder within the repository. To remove a file, specify its exact path. To remove a folder recursively, specify the name of the folder, ending with `/*`.\n\nFor example, to remove a single file:\n\n```sh\nprvt rm /photos/IMG_0311.jpeg --store local:repo\n```\n\nTo remove an entire folder:\n\n```sh\n# It's recommended to quote the path to prevent the shell from expanding it\nprvt rm \"/photos/*\" --store local:repo\n```\n\nNote: once deleted, files cannot be recovered.\n\n## Using GPG keys\n\nInstead of using passphrases, you can configure a repository to be unlocked with a GPG key. This can be useful in scenarios such as when you want to use prvt in non-interactive scripts, or when you want to use a GPG key stored in a token (such as a smart card or a security key like a YubiKey, etc).\n\nIn order to use this mode of operation, you need to have the GPG utility installed (at least version 2), and the `gpg` or `gpg2` command must be available in your system's `PATH`. You also need to have a GPG keypair (public and private) available.\n\nTo use a GPG key rather than a passphrase, initialize the repository with the `--gpg \u003caddress\u003e` flag. The value is the ID or address of a public key in your GPG keyring. 
For example:\n\n```sh\n# Use the address\nprvt repo init --store local:repo --gpg mykey@example.com\n# Use the public key ID\nprvt repo init --store local:repo --gpg 0x30F411E2\n```\n\nWhen a repository is initialized with a GPG key, the other commands that need to access (read or update) data, such as `prvt add`, `prvt serve`, and `prvt rm`, will invoke the GPG utility to obtain the master key and unlock the repository. You will need the private key available in the GPG utility for all these operations to succeed.\n\n## Managing passphrases and keys\n\nYou can have multiple passphrases and keys authorized to unlock a repository, and you can rotate them as you wish.\n\n### Adding a passphrase or key\n\nYou can add a new passphrase with the following command. It will prompt you to first type the current passphrase, and then a second time to add a new passphrase:\n\n```sh\nprvt repo key add --store \u003cstring\u003e\n```\n\nYou can also add a GPG key to a repository:\n\n```sh\nprvt repo key add --store \u003cstring\u003e --gpg \u003caddress\u003e\n```\n\n### Listing all passphrases and keys\n\nTo list all passphrases and keys authorized to unlock your repository use:\n\n```sh\nprvt repo key ls --store \u003cstring\u003e\n```\n\nPassphrases are identified by an ID starting with `p:`, for example: `p:59BDDDA8E94EE79F` (these are actually the first 8 bytes of the wrapped/encrypted key). GPG keys are identified by their address.\n\n### Testing and identifying a passphrase or key\n\nYou can test if a passphrase or key can unlock a repository and get its identifier using:\n\n```sh\nprvt repo key test --store \u003cstring\u003e\n```\n\nUsing a valid GPG key or a passphrase will unlock the repository, then print the identifier of the key. 
This can be particularly useful to delete a passphrase or key from the repository.\n\n### Removing a passphrase or key\n\nTo remove a passphrase or key, run the following command with the identifier of the passphrase or key:\n\n```sh\nprvt repo key rm --store \u003cstring\u003e --key \u003cstring\u003e\n```\n\n## Using environmental variables\n\nYou can set pre-defined values with environmental variables to reduce repetitions.\n\n### `PRVT_STORE`\n\nUse the `PRVT_STORE` environmental variable to set a default value for the `--store \u003cstring\u003e` flag for all commands that require it.\n\nFor example:\n\n```sh\nexport PRVT_STORE=\"local:repo\"\nprvt repo init\n```\n\nThe value defined with environmental variables acts as a fallback, and you can override it by explicitly setting the `--store \u003cstring\u003e` flag.\n\n# Building from source\n\nTo build prvt from source, you need:\n\n- Go 1.15\n- Packr v2 (2.7.1 or higher): https://github.com/gobuffalo/packr/tree/master/v2\n\nAfter having cloned the repo locally, you can build prvt with a single command:\n\n```sh\nmake\n```\n\n## Development\n\nFirst build the web UI:\n\n```sh\n# Navigate to the ui/ folder\ncd ui/\n\n# Install dependencies from NPM\nnpm ci\n\n# Build for development and start the dev server\nnpm run dev\n\n# Generate a production build of the web UI\nnpm run build\n```\n\nYou can then run prvt by running these commands in the root of the project:\n\n```sh\ngo run .\n```\n\nTo build the application and generate a self-contained binary, first you need to run packr2 to embed the web UI into the Go application:\n\n```sh\npackr2\ngo build -o bin\n```\n\n# FAQ\n\n### How does prvt encrypt my files?\n\nprvt encrypts your files using strong, industry-standard ciphers, such as AES-256-GCM and ChaCha20-Poly1305. 
The encryption key is derived from the passphrase you choose using Argon2id, or from a key wrapped with GPG.\n\nCheck out the [Encryption](./docs/Encryption.md) document for detailed information.\n\n### Does prvt encrypt the names of files and folders?\n\nYes. prvt stores all encrypted files with a random UUID as name. The actual path of the file and its directory are only stored in the index file, which is encrypted itself.\n\n### Has the prvt codebase been audited?\n\nThe prvt codebase has not been audited yet (and you won't see a \"1.0\" release until that happens).\n\nHowever, all the cryptographic operations used by prvt leverage popular, strong ciphers and algorithms such as AES-256-GCM, ChaCha20-Poly1305, and Argon2id. prvt relies on production-ready libraries that implement those algorithms, such as [minio/sio](https://github.com/minio/sio), [google/tink](https://github.com/google/tink), and Go's standard library. Additionally, prvt can interface with an externally-installed GPG utility if you are initializing a repository with a GPG-wrapped key.\n\nCheck out the [Encryption](./docs/Encryption.md) document for detailed information.\n\n### How many files can I store in a repository?\n\nThere's no limit on the number of files you can store in a repository.\n\nHowever, the way the index is implemented relies on a single file, which might make opening or updating the files in a repository slow when you have a lot (many thousands) of files. If you are planning to store a very large number of files, consider splitting them into multiple repositories.\n\n### Can I access the prvt web UI over the network?\n\nYes, but this is not allowed by default, as the prvt server is listening on 127.0.0.1 only. To connect to a prvt server over the network, set the `--address 0.0.0.0` option for the `prvt serve` command.\n\nNote that prvt is optimized for running on your local machine and does not feature any authentication out-of-the-box. 
If you expose prvt on the network, anyone can access the files in your repository through the web UI.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FItalyPaleAle%2Fprvt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FItalyPaleAle%2Fprvt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FItalyPaleAle%2Fprvt/lists"}