Peergos

Peergos is a self‑hosted, end‑to‑end encrypted file system that operates over a peer‑to‑peer network. At its core it presents a globally replicated, fine‑grained access‑controlled storage layer that can be mounted as a virtual file system or accessed through a web UI, desktop clients and mobile apps. The platform is designed to keep data ownership in the hands of users: every file, folder and sharing relationship is encoded as cryptographic keys that are never exposed to the hosting node.

Architecture

The stack is predominantly written in Java/Kotlin for its server and client libraries, with a lightweight Go implementation of the P2P layer that handles routing, replication and gossip. Data is stored in a Cassandra‑like distributed key‑value store on each node, but the actual payloads are chunked and placed in a content‑addressable storage that mirrors IPFS semantics. The system uses post‑quantum cryptography (Dilithium/ML‑KEM) for key exchange and AES‑256 for bulk encryption, ensuring that even a compromised node cannot decrypt data. A dedicated identity service issues X.509‑style certificates that can be transferred between servers, allowing users to migrate without data loss.

Core Capabilities

• Fine‑grained ACLs: Permissions are stored as encrypted access control lists (ACLs) attached to each file/folder. APIs expose CRUD operations on ACL entries, with support for role‑based delegation.
• Secret Links: One‑time or revocable URLs are generated by hashing a shared secret into a content hash; the link contains no user credentials.
• Sync API: Clients emit change streams that are reconciled via a conflict‑free replicated data type (CRDT), guaranteeing eventual consistency across devices.
• Messaging & Email: Built on top of the same encrypted channel, these modules expose REST endpoints for sending/receiving messages and bridging to external mail protocols.
• Plugin Hooks: The web‑UI layer exposes a JavaScript plugin API that lets developers inject custom widgets or modify the routing table.

Deployment & Infrastructure

A single Docker Compose file can spin up a full node with minimal configuration: the server, P2P daemon, and database containers. For production, Peergos recommends a Kubernetes deployment with StatefulSets to preserve data persistence. Nodes can be run on commodity hardware or cloud VMs; the P2P layer automatically discovers peers via a bootstrap list or mDNS, making it suitable for local networks as well. Horizontal scaling is achieved by adding more nodes; the system redistributes chunks automatically and maintains a target replication factor defined in the configuration.

Integration & Extensibility

Peergos offers several SDKs (Java, Kotlin, Go) that expose high‑level abstractions for file operations, sharing, and authentication. Webhooks can be configured to trigger on events such as file uploaded or ACL changed, enabling integration with CI/CD pipelines or external notification services. The identity service supports OAuth2 and SAML, allowing organizations to federate user accounts while still keeping data encrypted end‑to‑end. Custom encryption schemes can be plugged in by extending the CryptoProvider interface, giving advanced developers control over key derivation and storage.

Developer Experience

The project ships with comprehensive documentation on the tech book site, which walks through the data model, cryptographic protocol and deployment guidelines. A vibrant community on GitHub hosts discussion threads for feature requests and bug reports, while the mailing list is used for release announcements. The API surface is intentionally lean—most operations are performed through a single REST endpoint that accepts JSON payloads, reducing boilerplate. Unit tests cover over 90% of the core logic, and integration tests validate the P2P replication workflow.

Use Cases

• Enterprise Backup: Companies can deploy a private cluster to store backups, with zero‑trust data access enforced by ACLs.
• Secure Collaboration: Teams can share documents and media without exposing them to a central provider, while still benefiting from real‑time sync.
• Personal Privacy Vault: Individuals can host their own encrypted storage, generate secret links for family members, and migrate between servers without losing keys.
• IoT Edge Storage: Devices can use the Go P2P daemon to offload sensor data to a local cluster, keeping the data encrypted even when transmitted over unsecured networks.

Advantages

Peergos offers a complete privacy stack—from end‑to‑end encryption to post‑quantum key exchange—while remaining open source and license‑free. Its peer‑to‑peer design eliminates single points of failure, and the ability to port identity across servers gives users true control over their data. Compared to cloud providers, developers gain full auditability of the storage layer and can integrate custom business logic via SDKs or webhooks. The use of established cryptographic primitives and a distributed key‑value store ensures performance comparable to mainstream file systems, while the modular architecture allows incremental adoption of new features without disrupting existing deployments.