v2.4.1 — AES-256 End-to-End Encrypted

File management
for hackers &
power users.

Upload, encrypt, share and transfer files with the speed and control you actually deserve. Built for devs, by devs. No bloat. No BS. No excuses.

bytevault — zsh — 80×24
user@bytevault:~$ bv upload ./project.tar.gz --encrypt --share

// core_features

Everything you need.
Nothing you don't.

Engineered for max throughput, zero vendor lock-in, and absolute zero-knowledge security. POSIX-compliant. API-first. Scriptable.

☁️

cloud_upload()

Multi-part upload with auto-resume. Pipe from stdin, drop folders, or mount as a FUSE drive. S3-compatible backend with global edge CDN across 22 regions.

up to 25 GB / file

p2p_transfer()

WebRTC peer-to-peer transfers that never hit our servers. Direct device-to-device with automatic relay fallback if NAT traversal fails. LAN-aware routing.

zero-server P2P
🔗

share_link()

Generate HMAC-signed URLs with configurable TTL, password protection, download quotas, and per-link audit logs. Works via API, CLI, or dashboard.

signed + expiring
🔐

encrypt_vault()

AES-256-GCM with client-side key generation. We store ciphertext only. Zero-knowledge by design — we literally cannot read your files, even if subpoenaed.

E2E zero-knowledge
📡

delta_sync()

Chunk-based binary diff protocol — only transfers what changed. Rsync-style rolling checksums with deduplication at the block level. Up to 90% less bandwidth.

rsync-style diff
🛠️

cli & rest_api()

First-class CLI, fully documented REST API, webhooks, and SDKs for Python / Node / Go / Rust. OpenAPI 3.1 spec. Everything scriptable. No clicks required.

api-first design

// how_it_works()

Simple protocol.
Zero guessing.

01

auth --keygen

Sign up, generate your keypair locally. Private key never leaves your device. We issue a session JWT, you keep full control.

02

vault --init

Create a vault (root namespace). Set storage class, encryption policy, default TTL, and access control lists using JSON policy files.

03

bv push ./files

Upload via CLI, drag-and-drop, or API. Files are chunked, encrypted client-side, deduplicated, and written across 3 redundant nodes.

04

share --grant

Generate signed links or grant ACL access to specific keys. Set expiry, download limits, IP allow-lists, and receive webhook callbacks on access.

input_file ./secret_project.tar.gz
size 847.3 MB
sha3_256 a3f8c2d1b9e4...
↓  AES-256-GCM encrypt(key, nonce)
ciphertext 3a9f2c8b1d4e7a6f...
nonce f8a3c1d9e2b705...
auth_tag 9e2f1a4b7c3d...
key_ref vault:usr:k_9f2a...
↓  chunk → replicate → store
nodes ✓ 3 of 3 confirmed
integrity ✓ BLAKE3 verified

// security_model

Zero-knowledge.
Zero excuses.

Your files are encrypted before they leave your machine. We store ciphertext and metadata only. We cannot read your files — not even if we wanted to, not even if a government agency asked nicely.

All cryptographic primitives are from audited, well-vetted libraries. No homebrew crypto. No trust required.

[✓] AES-256-GCM — symmetric encryption per file chunk
[✓] X25519 ECDH — key exchange for file sharing
[✓] Argon2id — password-based key derivation (KDF)
[✓] BLAKE3 — integrity checksums, dedup fingerprints
[✓] TLS 1.3 only — no downgrade, HSTS enforced
[✓] SOC 2 Type II — infrastructure audited annually
99.99%
uptime_sla
2.4PB
data_stored
180k
active_nerds
<50ms
avg_latency

// ready_to_execute?

Stop using cloud drives
built for your grandma.

Built by engineers who got tired of slow, bloated, and insecure cloud storage. From nerds. For nerds. Ship it.