An open source file sharing platform with pluggable infrastructure where files bypass the server
Features
- Direct uploads and downloads via presigned URLs: files bypass the server
- Swappable infrastructure: every component (storage, database, events, cache, notifier) can be replaced
- SSO via any OIDC provider, with local auth for external users
- Role-based access control at platform and bucket level
- Quick/reverse share: share file via public links with options (password, max downloads, max views, etc...)
- Real-time activity tracking and audit logs
- Multifactor authentication (TOTP)
- File expiration, trash with configurable retention
- Admin dashboard with platform-wide statistics
And more... see the full list of features.
Architecture
Quick Start
git clone https://github.com/safebucket/safebucket.git
cd safebucket/deployments/local/lite
docker compose up -d- Go to http://localhost:8080
- Log in with:
- login: [email protected]
- password: ChangeMePlease
Note: If you are accessing Safebucket from an external machine (e.g. Proxmox), you need to update the following environment variables in the .env file with your host's IP or domain:
STORAGE__RUSTFS__EXTERNAL_ENDPOINTAPP__ALLOWED_ORIGINSAPP__API_URLAPP__WEB_URL
Verify Image Signature
All published container images are signed with cosign using keyless signing via GitHub Actions OIDC: no manual keys are involved.
You can verify the signature of any published image using the following commands:
cosign verify \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com \
--certificate-identity-regexp=https://github.com/safebucket/safebucket/ \
ghcr.io/safebucket/safebucket:<tag>Replace <tag> with the image tag you want to verify (e.g., latest, v1.0.0).
Star History
License
This project is licensed under the Apache 2.0 - see the LICENSE file for details.