HermitStash

Stash it quietly. Share it instantly.

Post-quantum encrypted file uploads. Self-hosted. Your server, your keys, your data.

Public Drop Team Sign In
Encrypted at Rest
Post-Quantum Crypto
Argon2 Auth
Passkey Login
Audit Logging
Folder Drops
Shareable Links
Zero Plaintext
Self-Hosted
Encrypted at Rest
Post-Quantum Crypto
Argon2 Auth
Passkey Login
Audit Logging
Folder Drops
Shareable Links
Zero Plaintext
Self-Hosted
Security First

Your files. Your keys.

01

Encrypted at Rest

Every file is encrypted with a unique AES-256-GCM key before hitting disk. Keys are sealed with ML-KEM-768 post-quantum cryptography. No plaintext ever touches storage.

02

Post-Quantum Crypto

ML-KEM-768 key encapsulation protects encryption keys against both classical and quantum attacks. SHA3-512 integrity checks on every file and session.

03

Argon2id Authentication

Passwords hashed with Argon2id — memory-hard, GPU-resistant, the winner of the Password Hashing Competition. Passkey/WebAuthn login with no password at all.

04

Full Audit Trail

Every login, upload, download, and admin action is logged. IPs hashed, emails vault-sealed, zero plaintext in audit records. Searchable, filterable, with configurable retention.

05

Self-Hosted Control

Your server, your data. No third-party cloud. Store on local disk, NAS mount, or S3-compatible bucket. Docker-ready.

06

Folder Drops

Drag entire folder trees. Bad file types silently skipped. Concurrent uploads with retry. Recipients browse folders or download as ZIP.

Try it now
How It Works

Two ways in.

Both encrypted end-to-end. Both get you shareable links in seconds.

Public

Drop Files

No login required. Files encrypted on arrival.

  1. Visit /drop
  2. Drag folders or files onto the page
  3. Files encrypted and stored instantly
  4. Get a shareable bundle link
  5. Recipients browse or download as ZIP
Try It
Team

Sign In & Upload

Passkey, Argon2, or Google OAuth. Full audit trail.

  1. Sign in with passkey, password, or Google
  2. Upload from your encrypted dashboard
  3. Manage files, users, and settings
  4. Every action logged and auditable
  5. API keys and webhooks for automation
Sign In
Get Started

Install. Run. Done.

terminal
$ npm install
$ node server.js
Vault keypair generated
Default admin: admin@hermitstash.com / admin
HermitStash is running!
http://localhost:3000

No config files. No build step. Settings live in the encrypted database. Configure everything from the admin panel.

Try The Drop