Arrow left and right: switch to the adjacent tool in the overview. Arrow up and down scroll the page.

HermitStash

HermitStash

Post-quantum encrypted file sharing for self-hosting

Visit Website
Hearts Heat (0–100)
5 StarsNOASSERTIONv1.13.14Jul 18, 2026Since Apr 20260 open issues

AI Summary

HermitStash is a self-hosted file sharing solution with post-quantum cryptography (ML-KEM-1024) that provides zero-knowledge encryption and end-to-end security. The platform enables encrypted file sharing via Public Drops, Team Vaults and branded client portals with desktop sync client.

Screenshot of HermitStash website

Pros

  • +Post-quantum cryptography (ML-KEM-1024) protects against future quantum computer attacks
  • +Complete control through self-hosting without external cloud dependencies
  • +Zero npm dependencies significantly reduces supply chain risks

Cons

  • Requires own server infrastructure and technical know-how for deployment
  • High cryptographic complexity may be oversized for smaller teams

Use Cases

  • Secure file transfer with clients via branded upload portals
  • Internal team encrypted file sharing with role-based access control
  • Zero-knowledge personal vault for highly sensitive documents
  • Real-time folder synchronization between desktop and server via WebSocket

Who is it for?

For security-conscious developers, IT teams and businesses that need maximum control over encrypted file sharing.

Tags

Platform: web, self-hosted

What is HermitStash?

HermitStash is a self-hosted platform for encrypted file transfer. Its defining characteristic is the cryptographic foundation: HermitStash uses ML-KEM-1024, a post-quantum algorithm designed to resist attacks from future quantum computers. All data is end-to-end encrypted, and the server has no access to plaintext content (zero-knowledge principle). Anyone looking for a Dropbox alternative where the operator cannot read any content and the entire infrastructure stays under their own control will find what they need here.

Core features

  • Public Drops: Public upload points for incoming files, with no account required from the sender.
  • Team Vaults: Shared encrypted storage with role-based access control for internal teams.
  • Branded client portals: Custom upload portals with your own branding for secure file handover with external clients.
  • Desktop sync client: Real-time folder synchronisation between a local machine and the server via WebSocket.
  • Zero npm dependencies: No external JavaScript packages in the build, which significantly reduces the attack surface for supply-chain attacks.

Who is HermitStash for?

HermitStash is aimed at developers and IT teams with compliance requirements or internal security policies that rule out conventional cloud services. Typical scenarios: law firms or agencies that want to offer clients a secure upload channel without passing data to third-party providers. Or small development teams that need to share sensitive build artefacts and credentials internally.

Running HermitStash requires your own server infrastructure. Anyone who has never deployed a service before will need to invest time in setup. The cryptographic depth (ML-KEM-1024) is overkill for many use cases. For teams that simply want to share files and have no threat model involving quantum computers, HermitStash goes further than necessary.

Context & alternatives

HermitStash belongs to the category of self-hosted, security-focused file-sharing tools. Well-known alternatives in this space include Nextcloud (broad feature set, large community) and Seafile (focus on performance and sync). Both rely on classical cryptography. Anyone who specifically needs post-quantum encryption combined with a zero-knowledge architecture, and is willing to forgo a broader ecosystem, will find that HermitStash offers a combination that is rare among self-hosted tools.

Related Tools

Meooow! Want tool tips by email?

Yes, please!