
HermitStash
Post-quantum encrypted file sharing for self-hosting
AI Summary
HermitStash is a self-hosted file sharing solution with post-quantum cryptography (ML-KEM-1024) that provides zero-knowledge encryption and end-to-end security. The platform enables encrypted file sharing via Public Drops, Team Vaults and branded client portals with desktop sync client.

✓ Pros
- +Post-quantum cryptography (ML-KEM-1024) protects against future quantum computer attacks
- +Complete control through self-hosting without external cloud dependencies
- +Zero npm dependencies significantly reduces supply chain risks
✗ Cons
- −Requires own server infrastructure and technical know-how for deployment
- −High cryptographic complexity may be oversized for smaller teams
Use Cases
- →Secure file transfer with clients via branded upload portals
- →Internal team encrypted file sharing with role-based access control
- →Zero-knowledge personal vault for highly sensitive documents
- →Real-time folder synchronization between desktop and server via WebSocket
Who is it for?
For security-conscious developers, IT teams and businesses that need maximum control over encrypted file sharing.
Tags
What is HermitStash?
HermitStash is a self-hosted platform for encrypted file transfer. Its defining characteristic is the cryptographic foundation: HermitStash uses ML-KEM-1024, a post-quantum algorithm designed to resist attacks from future quantum computers. All data is end-to-end encrypted, and the server has no access to plaintext content (zero-knowledge principle). Anyone looking for a Dropbox alternative where the operator cannot read any content and the entire infrastructure stays under their own control will find what they need here.
Core features
- Public Drops: Public upload points for incoming files, with no account required from the sender.
- Team Vaults: Shared encrypted storage with role-based access control for internal teams.
- Branded client portals: Custom upload portals with your own branding for secure file handover with external clients.
- Desktop sync client: Real-time folder synchronisation between a local machine and the server via WebSocket.
- Zero npm dependencies: No external JavaScript packages in the build, which significantly reduces the attack surface for supply-chain attacks.
Who is HermitStash for?
HermitStash is aimed at developers and IT teams with compliance requirements or internal security policies that rule out conventional cloud services. Typical scenarios: law firms or agencies that want to offer clients a secure upload channel without passing data to third-party providers. Or small development teams that need to share sensitive build artefacts and credentials internally.
Running HermitStash requires your own server infrastructure. Anyone who has never deployed a service before will need to invest time in setup. The cryptographic depth (ML-KEM-1024) is overkill for many use cases. For teams that simply want to share files and have no threat model involving quantum computers, HermitStash goes further than necessary.
Context & alternatives
HermitStash belongs to the category of self-hosted, security-focused file-sharing tools. Well-known alternatives in this space include Nextcloud (broad feature set, large community) and Seafile (focus on performance and sync). Both rely on classical cryptography. Anyone who specifically needs post-quantum encryption combined with a zero-knowledge architecture, and is willing to forgo a broader ecosystem, will find that HermitStash offers a combination that is rare among self-hosted tools.




