SkySend | Docs

Appearance

SkySendEncrypted File & Note Sharing

Minimalist, self-hostable, end-to-end encrypted file and note sharing. Zero knowledge - the server never sees your data.

User Guide
Developer Guide
Instances
๐Ÿ”’

End-to-End Encryption

AES-256-GCM streaming encryption with HKDF-SHA256 key derivation. The server never has access to plaintext data.

๐Ÿง 

Zero Knowledge

The encryption key lives only in the URL fragment (#) and never leaves the browser. The server is intentionally blind.

๐Ÿ‘ค

No Accounts Required

No registration, no login, no tracking. Upload a file, get a link, share it. That's it.

๐Ÿ”‘

Password Protection

Protect uploads with a password using Argon2id (WASM). Memory-hard, GPU-resistant key derivation.

๐Ÿ‘ฅ

OIDC / SSO Authentication

Optionally restrict who can upload by connecting any OIDC-compatible provider (PocketID, Authentik, Keycloak, or generic). Download links always remain accessible without login.

๐Ÿ“

Multi-File & Folder Uploads

Upload multiple files or entire folders. Files are zipped client-side with fflate before encryption - the server sees only one encrypted blob.

๐Ÿ“

Encrypted Notes

Share text, passwords, code, Markdown, or SSH keys - all end-to-end encrypted. Supports burn-after-reading, view limits, and password protection.

โฑ๏ธ

Automatic Expiry

Uploads and notes expire automatically after a configurable time or download/view count. No data lingers on the server.

๐Ÿ“Š

Upload Dashboard

Track your uploads and notes locally via IndexedDB. View download/view counts, expiry countdowns, and re-copy share links - no account needed.

๐Ÿ› ๏ธ

Admin CLI

Manage uploads, view statistics, trigger cleanup, and inspect configuration from the command line inside the container.

๐Ÿ’ป

CLI Client

Upload and download files from the terminal with full E2E encryption. Pre-built binaries for Linux, macOS, and Windows with self-update support.

โ˜๏ธ

S3 Storage Support

Optional S3-compatible storage backend for Cloudflare R2, AWS S3, MinIO, and more. Serve files via presigned URLs.

๐Ÿณ

Docker Ready

Multi-arch images (AMD64/ARM64), built-in health checks, graceful shutdown, and configurable PUID/PGID.

๐ŸŒ

Multi-Language

Built-in internationalization with automatic browser language detection and English fallback.

๐Ÿ›ก๏ธ

Privacy by Design

No telemetry, no analytics, no external service dependencies. Upload quotas use HMAC-hashed IPs with daily key rotation.

๐Ÿ“œ

Open Source (AGPLv3)

Fully open source. Hosted instances must release their source code, protecting users from closed-source forks.

Quick Start โ€‹

Get SkySend running in seconds with Docker:

yaml
services:
  skysend:
    image: skyfay/skysend:latest
    container_name: skysend
    restart: always
    ports:
      - "3000:3000"
    volumes:
      - ./data:/data
      - ./uploads:/uploads
    environment:
      - BASE_URL=http://localhost:3000
      # All environment variables: https://docs.skysend.ch/user-guide/configuration/environment-variables
      # There are a lot of customization options available, so make sure to check the documentation for more details.
bash
docker run -d --name skysend -p 3000:3000 \
  -e BASE_URL=http://localhost:3000 \
  -v "$(pwd)/data:/data" \
  -v "$(pwd)/uploads:/uploads" \
  skyfay/skysend:latest

Then open http://localhost:3000 in your browser.

CLI Client โ€‹

Upload and download files from the terminal with end-to-end encryption:

bash
curl -fsSL https://skysend.ch/install.sh | sh
powershell
irm https://skysend.ch/install.ps1 | iex
bash
skysend config set-server https://your-instance.com
skysend upload ./document.pdf
skysend download https://your-instance.com/file/abc123#secret

See the full CLI Client documentation for all commands and options.

๐Ÿ’ฌ Community & Support โ€‹

๐Ÿค– AI Development Transparency โ€‹

Architecture & Concept โ€‹

The system architecture, cryptographic design, strict technology stack selection, and feature specifications for SkySend were entirely conceptualized and directed by a human System Engineer to solve real-world privacy challenges in file sharing.

Implementation โ€‹

The application code was generated by AI coding agents following detailed architectural specifications and coding guidelines. All features were manually tested for correctness, stability, and real-world reliability. Automated unit tests (Vitest) with coverage tracking via Codecov, CodeQL static analysis, and security audits complement the manual QA process.

Open for Review โ€‹

SkySend is thoroughly tested and used in production, but a formal manual security audit by an external developer has not yet been completed. The entire cryptographic design is publicly documented to facilitate independent review. If you are a software developer or cybersecurity professional, your expertise is highly welcome! We invite the open-source community to review the code, submit PRs, and help us elevate SkySend to a fully verified standard.

Security Disclosure: If you discover a security vulnerability, please do not open a public GitHub issue. Instead, report it responsibly via email to security@skysend.ch.