Ente

Ente is a monorepo‑based, end‑to‑end encrypted platform that bundles both server and client code for photo storage (Ente Photos) and two‑factor authentication (Ente Auth). From a developer’s perspective, the project is an end‑to‑end system that can be self‑hosted on any cloud or bare‑metal environment. The architecture is intentionally modular: a Go‑based microservice back end exposes a REST/GraphQL API, while the front ends are written in React (web), Swift/Kotlin (mobile) and Go/Qt (desktop). All code is open source, with third‑party audits from Cure53 and Symbolic Software.

Key Features

• 3× data replication across geographically distinct buckets, automatically managed by the server.
• On‑device face detection and grouping using TensorFlow Lite, with zero‑knowledge AI for semantic search.
• Private sharing & collaborative albums via encrypted link generation and role‑based access control.
• Background uploads that resume across network changes, implemented with a local queue and exponential backoff.
• Zero‑knowledge encryption: client‑side key derivation (scrypt/Argon2) and per‑object AES‑GCM encryption before upload.

Technical Stack

The server is a single binary that can be containerized; it ships with a built‑in migration runner for PostgreSQL and optional integration with external object stores. Clients perform all cryptographic operations locally, exposing only encrypted blobs to the server.

Core Capabilities & APIs

• Upload/Download API: multipart upload endpoints that accept pre‑signed URLs; client can stream encrypted data directly to S3.
• Metadata API: CRUD for albums, tags, face groups; supports batch operations and WebSocket notifications.
• Sharing API: Generate time‑limited public links with embedded access tokens; supports guest view and read‑only modes.
• Search API: Natural‑language queries powered by a local on‑device ML model; server returns tokenized results that the client de‑crypts.
• Webhooks: Optional outbound hooks for external services (e.g., backup to NAS, CI pipelines).

Deployment & Infrastructure

Ente is designed for self‑hosting with minimal operational overhead:

• Containerization: Docker Compose and Helm charts are provided; the server image is <200 MB.
• Scalability: Stateless API nodes can be horizontally scaled behind a load balancer; PostgreSQL uses read replicas, while object storage is inherently scalable.
• High Availability: The replication layer ensures that a failure in one region does not lose data; the API can be run in a multi‑AZ setup.
• Monitoring: Prometheus metrics exposed, with optional Grafana dashboards.

Integration & Extensibility

• Plugin System: The server exposes a plugin interface via Go’s plugin package; developers can write custom modules for additional storage backends or analytics.
• SDKs: A Go SDK is available for interacting with the API programmatically; TypeScript bindings are auto‑generated from GraphQL schema.
• Webhooks & Callbacks: External services can subscribe to events such as “photo uploaded” or “album shared”.
• Custom UI Themes: The React client supports CSS variables and a theming API for branding.

Developer Experience

• Documentation: Comprehensive README, architecture diagrams, and in‑repo docs (docs/) cover setup, API reference, and contribution guidelines.
• Community: Active GitHub discussions, a public Slack channel, and quarterly security audits keep the ecosystem healthy.
• Configuration: All settings are environment‑variable driven; a .env.example file ships with sensible defaults.
• Testing: End‑to‑end tests use Cypress for the web client and unit tests in Go; CI runs a full test matrix.

Use Cases

1. Enterprise Photo Backup – Deploy on an internal Kubernetes cluster to provide employees with a secure, self‑hosted photo archive.
2. Personal Cloud – Run on a Raspberry Pi with MinIO; use the 10 GB free tier for personal data.
3. Developers’ Test Bed – Use the API to build custom photo management tools or integrate with other services (e.g., a home automation system that triggers on new uploads).
4. Educational Projects – Leverage the open‑source code to teach secure distributed systems and client‑side encryption.

Advantages Over Alternatives

• End‑to‑end encryption is built into every layer, eliminating trust in the provider.
• Open source with formal audits, giving developers confidence in security posture.
• Cross‑platform client parity: one code base for mobile, web, and desktop reduces maintenance.
• Low licensing overhead – MIT‑style license allows commercial use without fees.
• High performance – Go