Features
A complete S3-compatible storage server built for simplicity, security, and single-node deployments.
Full API coverage
16 S3 API endpoints implemented with complete request/response compatibility.
| Operation | Endpoint | Status |
|---|---|---|
| CreateBucket | PUT /{bucket} | ✓ |
| DeleteBucket | DELETE /{bucket} | ✓ |
| HeadBucket | HEAD /{bucket} | ✓ |
| ListBuckets | GET / | ✓ |
| PutObject | PUT /{bucket}/{key} | ✓ |
| GetObject | GET /{bucket}/{key} | ✓ |
| HeadObject | HEAD /{bucket}/{key} | ✓ |
| DeleteObject | DELETE /{bucket}/{key} | ✓ |
| ListObjectsV2 | GET /{bucket}?list-type=2 | ✓ |
| CopyObject | PUT /{bucket}/{key} (x-amz-copy-source) | ✓ |
| CreateMultipartUpload | POST /{bucket}/{key}?uploads | ✓ |
| UploadPart | PUT /{bucket}/{key}?partNumber&uploadId | ✓ |
| CompleteMultipartUpload | POST /{bucket}/{key}?uploadId | ✓ |
| AbortMultipartUpload | DELETE /{bucket}/{key}?uploadId | ✓ |
| ListParts | GET /{bucket}/{key}?uploadId | ✓ |
| ListMultipartUploads | GET /{bucket}?uploads | ✓ |
Secure by default
Multiple layers of security built into every request.
AWS Signature v4
Full SigV4 authentication with HMAC-SHA256 signing, including chunked transfer encoding support.
Per-bucket Credentials
Each bucket has isolated access keys. Create multiple credentials with different permission levels.
Read-only Access
Grant read-only credentials for CDN endpoints, public assets, or audit access without write risk.
Path Traversal Protection
All object keys are validated and sanitized. Directory traversal attacks are blocked at the protocol level.
TLS Support
Native TLS termination with automatic certificate loading. No reverse proxy required for HTTPS.
Atomic Writes
Objects are written to temporary files and atomically renamed. No partial writes on crash or power loss.
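The temp-file-then-rename pattern described under Atomic Writes, as an added Go example (not the project's own code); the name `atomicWrite` and the `.upload-*` temp prefix are assumptions. It also fsyncs the file and its parent directory, which is what makes the rename durable across power loss on Linux and macOS.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// atomicWrite stores data at path so that a reader sees either the previous
// object or the complete new one, never a partially written file.
func atomicWrite(path string, data []byte) (err error) {
	dir := filepath.Dir(path)
	// The temp file lives in the destination directory because rename(2)
	// is only atomic within a single filesystem.
	tmp, err := os.CreateTemp(dir, ".upload-*")
	if err != nil {
		return err
	}
	defer func() {
		if err != nil { // any failure: leave no stray temp file behind
			tmp.Close()
			os.Remove(tmp.Name())
		}
	}()
	if _, err = tmp.Write(data); err != nil {
		return err
	}
	if err = tmp.Sync(); err != nil { // data on disk before it becomes visible
		return err
	}
	if err = tmp.Close(); err != nil {
		return err
	}
	if err = os.Rename(tmp.Name(), path); err != nil {
		return err
	}
	d, err := os.Open(dir) // fsync the directory so the rename itself persists
	if err != nil {
		return err
	}
	defer d.Close()
	return d.Sync()
}

func main() {
	dir, _ := os.MkdirTemp("", "atomic-demo-") // constructed scratch directory
	defer os.RemoveAll(dir)
	err := atomicWrite(filepath.Join(dir, "object.bin"), []byte("constructed sample"))
	fmt.Println("write error:", err)
}
```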
Built for real workloads
From tiny config files to multi-gigabyte backups.
Multipart Upload
Upload files up to 5TB with resumable multipart uploads. Up to 10,000 parts with configurable part sizes from 5MB to 5GB.
Range Requests
Serve partial content with HTTP Range headers. Stream video, resume downloads, and read specific byte ranges efficiently.
Presigned URLs
Generate time-limited URLs for GET and PUT operations. Share objects securely without exposing credentials.
Bucket Quotas
Set maximum storage limits per bucket. Monitor usage and enforce hard limits to prevent runaway consumption.
Simple to operate
Manage everything from the command line. No web console required.
Built-in CLI
Create buckets, manage credentials, check status — all from the same binary. No separate admin tool needed.
Graceful Shutdown
SIGTERM triggers a clean shutdown. In-flight requests complete, connections drain, and data integrity is preserved.
Systemd Ready
Ships with a systemd service template. Auto-start on boot, automatic restart on failure, journal logging.
Live Management
Create buckets and credentials while the server is running. No restart required for configuration changes.
Simple, robust internals
Pure Go, no CGO, no external dependencies. Designed for reliability.
SQLite WAL Mode
Metadata stored in SQLite with Write-Ahead Logging for concurrent reads and crash-safe writes.
Pure Go
No CGO, no system dependencies. Cross-compile for any platform with a single command.
Cross-platform
Runs on Linux (x86_64, ARM64, ARMv7) and macOS (Intel & Apple Silicon). Same binary, same behavior everywhere.