Your files are encrypted in the browser before they ever touch the server. The server never sees your data. Not even we can read it.
# Clone & run in 30 seconds
$ git clone https://github.com/fabudde/nyxvault.git
$ cd nyxvault && bash setup.sh
$ node server.js
ð NyxVault running on http://localhost:3870
Storage: ./storage
Ready for encrypted uploads! ðĶ
Every file is encrypted before it leaves your browser. No exceptions.
ð
XChaCha20-Poly1305 authenticated encryption. Same crypto used by Signal and ProtonMail.
ð§
The server stores encrypted blobs. It can never decrypt your files â even if compromised.
ð
Memory-hard key derivation (64MB, 3 iterations). Passphrases are brute-force resistant.
ð
Every file gets a unique download link. Recipients decrypt in their browser with the passphrase.
â°
Set files to self-destruct after 1 hour, 24 hours, 7 days, or 30 days.
ðŠķ
Node.js + SQLite. No Docker required, no third-party services. One command to deploy.
Drop a file. It gets encrypted in your browser with your passphrase.
The encrypted blob is stored on your server. The server never sees plaintext.
Send the link + passphrase. The recipient decrypts in their browser.