- C# 66.1%
- TypeScript 20.6%
- HTML 7%
- SCSS 4.8%
- Shell 1.4%
| assets | ||
| deployment | ||
| docs | ||
| Frontend | ||
| PlikShare | ||
| PlikShare.IntegrationTests | ||
| PlikShare.Tests | ||
| .dockerignore | ||
| .gitignore | ||
| build-docker-image.ps1 | ||
| CHANGELOG.md | ||
| Dockerfile | ||
| LICENSE | ||
| PlikShare.sln | ||
| publish-docker-image.ps1 | ||
| README.md | ||
| THIRDPARTY.md | ||
| TRADEMARK.md | ||
PlikShare
PlikShare is a self-hosted file sharing application that allows you to securely share files with others.
Features
- Self-hosted file sharing solution
- Secure file upload and download
- User management
- Access control
- Files Encryption
- Easy deployment
- Box Widgets which can be embedded on the other websites
- SSO (Single Sign-On) with OIDC providers (Google, GitHub, etc.)
- Granular admin permissions
Supported storage
- VPS Hard drive
- AWS S3
- Cloudflare R2
- DigitalOcean Spaces
- Backblaze B2
- Azure Blob Storage
- Google Cloud Storage
Hey Claude, how to pronounce it?
I double-checked - he made no mistake this time. It's "pleek-share" (plēk-shâr)!
Where "Plik" in ancient Polish means "file".
(Yeap, it's hard to find good domain name these times 🥲)
How to install
All the necessery instructions can be found here: https://plikshare.com/download
Docker image is available here: https://hub.docker.com/r/damiankrychowski/plikshare
Docker image supports both AMD64 and ARM64 architectures.
How to setup
To start using PlikShare you need to do two things:
- Configure an email client (so that PlikShare can send notifications, confirm user emails etc.)
- Configure a storage
Single Sign-On (SSO)
PlikShare supports Single Sign-On via OIDC providers like Google or Keycloak. You can configure multiple providers, use preset configurations for popular services, and even disable password login entirely to enforce SSO-only authentication.
Encryption modes
PlikShare offers three encryption modes, configured per storage at creation time. Different storages in the same installation can use different modes — pick the one that matches the threat model of the data being stored.
No encryption
Files are written to storage as plaintext. There is no key material, no recovery code, no per-storage setup. Suitable for non-sensitive content, internal sharing, or when the underlying storage backend already provides the confidentiality guarantees you need.
Managed encryption
File contents are encrypted at rest with AES-256-GCM. The encryption keys are held server-side, wrapped under the server's master password (provided as the PlikShare_EncryptionPasswords environment variable). The server can read files at any time without user action; an attacker who only obtains the file storage cannot.
Key properties:
- Server-managed keys. No per-user setup; the server decrypts on the user's behalf.
- Per-storage IKM stored in the database wrapped by the server master password.
- 24-word BIP-39 recovery code returned at storage creation: re-derives the IKM offline if the database or the master password is ever lost.
- Threat coverage: file-storage compromise alone leaks no plaintext. A combined DB + master-password compromise does — for that threat, use full encryption.
For the full design — server master password, IKM hierarchy, file frame format, recovery flow — see docs/managed-encryption.md.
Full encryption
File contents, file/folder names, and the sensitive fields of audit log entries are encrypted at rest with keys derived from each user's encryption-password. The server stores only ciphertext, wrapped keys, and public keys — an attacker with full access to the database and file storage cannot read user data without a user's encryption-password or recovery code.
Key properties:
- Per-user X25519 keypair unlocked by an encryption password (Argon2id-derived KEK).
- Per-workspace DEK sealed to each member's public key — sharing a workspace doesn't require the recipient to be online.
- 24-word BIP-39 recovery code as the disaster-recovery root: even if the database is lost, files left in storage stay decryptable.
- Scoped keys: a phished password unlocks only what that specific user had access to — no global decryption.
Out of scope: an attacker with live access to the running server process capable of dumping memory while a user is actively decrypting data. Any in-process cryptography requires keys in plaintext at the moment of use; full-encryption mitigates this by keeping unwrapped keys in pinned/mlocked memory, scoping them to the request that needed them, and zeroing them as soon as the response is flushed — but it cannot protect against an attacker who can observe that memory.
For the full design — key hierarchy, file frame format, metadata envelope, recovery flows, invitation/revocation, and DEK rotation — see docs/full-encryption.md.
How to upload files
The fastes way is to create zip archive out of the files you want to upload and then use PlikShare bulk upload feature!
How to download files
My favorite way to download files from PlikShare is to use explorer tree view - there you pick files and folders you want to have in your final archive and download them at once.
How to share files
PlikShare allows you to create "boxes" - a layer that connects your folders to the external world. These boxes give you control over how others interact with your selected folders. With boxes, you can:
- Invite team members to collaborate
- Create anonymous links with various permission levels
- Set up read-only boxes where others can only view content
- Create upload-only boxes where users can add files without seeing existing content
This structured approach provides a secure and flexible way to share your files while maintaining precise control over access permissions.
How to preview files
PlikShare includes a built-in preview function for various file formats. You can open videos, audio files, text files, PDFs, and it can render markdown files directly in the browser.
I couldn't resist implementing ZIP file browsing capabilities as well. This feature allows you to navigate through ZIP archives and even preview files contained within them without having to extract the archive first.
How to embed box widget on other websites
Each PlikShare box can be used as a widget and embedded on other websites. To do this, you need to:
- Create a box
- Create a link
- Set required permissions
- Click the widget setup
- Add the destination website origin to the allowed list
On your website, you'll need to import the provided JavaScript and CSS files in the head section. Then you can use the <plikshare-box-widget> web component.
Here's how it looks in practice (as seen on https://plikshare.com):
Markdown Files
PlikShare can render markdown files and it supports mermaid diagrams. Markdown files are also the only files in PlikShare (for now!) that can be directly edited.
Why? It's connected with my development plans for the app. My long-term goal is to integrate PlikShare seamlessly with AI such as ChatGPT, Claude, etc., and markdown seems like a natural choice for a file format that is both easy for people to write and for AI to understand.
Integration: AWS Textract (OCR)
The first integration I added to PlikShare is Textract - it allows users to extract text from PDFs (or images). To configure Textract, we first need to configure AWS S3 as storage, because Textract operates on files stored there.
When S3 is configured, we need to add the Textract integration (it's important to prepare access keys with appropriate permissions - but in case of any mistakes, the configuration test should fail and inform us what is wrong).
And finally, when everything is ready, we can extract text from a PDF:
How does it work? Behind the scenes, PlikShare copies a file into the Textract storage, triggers the extraction, copies the result back into the original workspace, and then removes the file from AWS S3. Fancy!
Integration: Chat GPT
The second integration is the possibility to use your text files with ChatGPT and run queries against them. That's why I started with OCR so that I can have an easy way to convert PDF -> text and not worry about how to push PDF into AI directly as these are still very early stages of these integrations.
To use ChatGPT, we need to configure it first, and then an additional option at the file preview level is available to talk to chat and to include the file (or its attachments) in the query. What is convenient is the possibility to convert all files produced by AI into file attachments - just as Textract results were stored as attachments.
Contact Information
Having trouble with self-hosting or interested in a managed version with support?
- Schedule a call: https://cal.com/damian.krychowski
- Email: damian.krychowski@hey.com
Changelog
Release notes and per-version highlights live in CHANGELOG.md.
License
PlikShare is developed and maintained by Damian Krychowski. PlikShare is distributed under an AGPLv3 license.
Third-party attributions (BIP-39 wordlist and related test vectors) are listed in THIRDPARTY.md.
Trademark
The name "PlikShare" and the PlikShare logo are trademarks owned by Damian Krychowski and are not covered by the AGPLv3 license. Please see TRADEMARK.md for usage guidelines.