Skip to content

velipso/staticvault

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
dist
dist
 
 
src
src
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build
build
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

StaticVault

StaticVault lets you create an encrypted, client-decryptable file system that can be hosted on static web platforms like S3, GitHub Pages, or any CDN. Ideal for secure, private content delivery, and easily hosted on static blogs (Hugo, Jekyll, etc).

You encrypt and manage your files locally, then deploy the encrypted vault. A lightweight browser-based app (included) allows in-browser decryption and previews of text and images.

Demo vault (password: hello).

Features

  • Encrypt files locally
  • Host anywhere: S3, Netlify, GitHub Pages, etc
  • Duplicate files are only stored once
  • CLI for creating, ingesting, listing, and extracting files

Client features:

  • Mobile friendly site for browsing files
  • Preview images/text in browser
  • Share files/folders with friends
  • Set expiration for shared links (enforced client-side)

Quick Start

You don't need to install anything globally - just use npx:

npx staticvault init path/to/vault
npx staticvault ingest path/to/vault path/to/files

Then upload the contents of path/to/vault to your static site host.

Your newly created vault includes the client, index.html, and library index.min.js, which you can access on your site.

Commands

npx staticvault <command> [arguments]

chpass

Change vault password.

npx staticvault chpass <vault> [-p password] [-n newpassword]

dump

Decrypt the vault into a directory.

npx staticvault dump <vault> <destination> [-p password]

init

Initialize a new vault.

npx staticvault init <vault> [-p password] [-d difficulty]

ingest

Encrypt and add files to an existing vault. Use -i to ignore files/folders based on a pattern (*, **, and ? supported).

npx staticvault ingest <vault> <source> [-i ignore]+ [-p password]

rekey

Generates new encryption keys. By default, this will rotate the metadata keys. Use -a to rotate the file keys as well, but this will mean re-encrypting all files, which could be expensive.

Useful for revoking access to all shared links.

npx staticvault rekey <vault> [-p password] [-a]

rm

Remove a file or folder from the vault.

npx staticvault rm <vault> <path> [-p password]

test

Run internal tests.

npx staticvault test

tree

List the contents of the vault.

npx staticvault tree <vault> [-p password]

version

Output version.

npx staticvault version

Example Workflow

npx staticvault init myvault
npx staticvault ingest myvault ./blog-attachments
npx staticvault tree myvault

Then upload the contents of myvault/ to your static host.

About

Encrypt, host, and share files on a static website

Topics

nodejs javascript cryptography privacy encryption frontend vault self-hosted static-site web-security file-encryption zero-knowledge cli-tool secure-storage browser-app

Resources

Readme

License

0BSD license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases 9

v1.1.4 Latest
Jul 16, 2025
+ 8 releases

Packages

No packages published

Languages