30 open-source projects similar to cryptpad/cryptpad, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Cryptpad alternative.
This project is a community-curated directory of open-source software designed for deployment in private server environments and home labs. It serves as a comprehensive resource for discovering independent, self-hosted alternatives to mainstream cloud services, enabling users to maintain full data ownership and control over their digital infrastructure. The directory is structured through a hierarchical taxonomy that organizes a vast collection of applications into logical categories, ranging from media management and data analytics to private communication and team productivity tools. It dis
This project is a comprehensive zero-knowledge security suite designed for enterprise credential management, secrets orchestration, and password management. It provides a secure, end-to-end encrypted vault that allows users to store, synchronize, and manage sensitive information, including passwords, passkeys, and infrastructure secrets, across desktop, mobile, and browser environments. The platform distinguishes itself through a strict zero-knowledge architecture where all encryption and decryption occur locally on the client, ensuring that plaintext data remains inaccessible to the server.
Snapdrop is a web-based local file sharing tool and progressive web app designed for transferring files between devices on the same local network. It functions as an end-to-end encrypted transfer tool that allows users to move data across different devices and operating systems without manual configuration. The service supports self-hosting through a containerized deployment model, allowing users to run private instances of the file sharing service on their own infrastructure. This ensures that data transfers remain within a private local network. The system uses a signaling server for local
Upspin is a decentralized naming and storage system that provides an end-to-end encrypted file system. It assigns every user a unique identity and organizes files within a global, permissioned namespace where data is encrypted on the client before transmission. The system separates identity resolution from data storage using a public-key identity provider and a key-server architecture. This allows for decentralized identity management and the resolution of usernames to specific directory and storage server addresses. The project includes a hierarchical access control system that manages read
Send is an end-to-end encrypted file sharing service that encrypts files on the sender's device before upload, ensuring the server never sees plaintext content. It generates secure download links that are designed for single use, automatically removing access after the first successful download, and associates each share with a time-limited access token that expires after a set duration. The service operates without requiring user accounts, lowering friction for ephemeral sharing, and uses cryptographic key derivation to generate decryption keys from the download URL, eliminating server-side
Linsa.io is an end-to-end encrypted cloud storage service and zero-knowledge data vault. It functions as a private content sharing platform that encrypts files and data on the client side, ensuring only the owner can access the stored content. The project employs a local-first approach, processing data updates and encryption on the local device before syncing encrypted blobs to a remote persistence layer. It uses a zero-knowledge architecture where the service provider cannot access decryption keys or view the plaintext content of stored files. The platform provides capabilities for private
Joplin is an open-source, cross-platform note-taking application designed for secure, private knowledge management. It functions as a local-first productivity platform, maintaining a complete relational database on the user's device to ensure offline availability and high-performance data retrieval. The application prioritizes data sovereignty by implementing an end-to-end encryption layer, which secures all information locally with a master key before any synchronization occurs. The platform distinguishes itself through a delta-based synchronization engine that transmits only specific file c
PrivateBin is a self-hosted, zero-knowledge text hosting service and secret sharing tool. It utilizes browser-based AES 256-bit encryption to ensure that data is encrypted on the client side before transmission, meaning the hosting server cannot read or recover the original content. The project distinguishes itself by using URL fragments to distribute decryption keys, preventing the secret key from ever being sent to the server. It supports the distribution of both encrypted text and files, which are compressed and encrypted locally prior to storage. The platform includes capabilities for an
Seafile is a self-hosted file synchronization and sharing platform that provides a central server for maintaining file consistency across multiple devices. It functions as a cloud storage management system and a collaborative document suite, integrating tools for real-time teamwork and shared file management. The platform distinguishes itself through a metadata-driven file organizer that uses extensible properties and hierarchical tags instead of traditional folder structures. It includes client-side encrypted storage to protect private data using user-defined passwords before files leave the
Microbin is a self-hosted file sharing application and encrypted pastebin written in Rust. It provides a platform for hosting text snippets and binary files via unique links, functioning as both a secure file drop and a URL shortener. The system features client-side end-to-end encryption, ensuring the server does not see plaintext data before it is transmitted. It includes secure postbox portals for collecting documents from external clients and supports password-protected access control to restrict content visibility. The platform manages the upload lifecycle through time and view-based exp
This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials. The platform distinguishes itself through its focus on both human-centric security and aut
anytype-ts is a TypeScript client library and offline-first knowledge base client designed for managing structured layouts and modular blocks within a private distributed database. It functions as a zero-knowledge data synchronizer and schema-driven API wrapper that enables the secure replication of encrypted data across devices. The library utilizes peer-to-peer connectivity and zero-knowledge encryption to ensure data remains private and unreadable to hosting infrastructure. It employs a schema-driven approach to compile data definitions into typed language bindings, ensuring consistent com
OpenReplay is a session replay platform and frontend debugging suite designed to record and play back user browser sessions. It functions as a user behavior monitoring system that captures interaction patterns and technical metadata to identify conversion issues and revenue loss. The platform is distinguished by its self-hosted infrastructure model, allowing the recording and analytics pipeline to be deployed on private servers for full control over data residency. It also includes a browser co-browsing tool for real-time screen sharing and direct communication to provide immediate technical
Remotely Save is a cloud storage synchronization tool and backup manager designed to keep local files and application data consistent across desktop and mobile devices. It functions as a cross-platform synchronizer that mirrors local data to remote servers using S3 and other cloud protocols. The project focuses on privacy and security through end-to-end encryption, which secures files with a user-defined password before they are uploaded to remote cloud services. It ensures data remains private on third-party servers by applying symmetric client-side encryption. The system includes capabilit
Ockam is a zero-trust networking framework designed to secure data transit between distributed applications using an identity-based network overlay. It provides the primitives necessary to establish mutually authenticated and end-to-end encrypted connections, removing the reliance on traditional network-layer security. The project is distinguished by its use of attribute-based access control and verifiable credentials to manage trust at scale. It implements cryptographic identity rotation to maintain identity continuity and integrates with hardware-backed key management systems to secure priv
Send is a self-hosted file transfer service designed for end-to-end encrypted file sharing. It provides a privacy-focused data transfer solution and ephemeral file storage where uploaded content is automatically deleted after a specified number of downloads or a set amount of time. The service ensures private file sharing by utilizing client-side encryption to protect data before it is uploaded. Decryption keys are distributed to recipients via URL hash fragments to ensure the server never has access to the keys. The platform supports encrypted data transfer and temporary file hosting. It us
Croc is a command-line utility for sending files and folders between computers using end-to-end encrypted peer-to-peer connections. It employs elliptic curve encryption and key agreement to secure data transmission between remote endpoints. The tool allows users to coordinate transfers using a shared code phrase and supports the operation of custom relay servers to facilitate connections without relying on public infrastructure. It also includes a proxy client to route encrypted traffic through SOCKS5 proxies. Additional capabilities include resumable data transmission for unstable connectio
n2n is a peer-to-peer VPN that creates an encrypted mesh network by establishing layer 2 overlay networks. It uses UDP tunneling to connect remote computers into a shared virtual local area network, allowing devices to communicate as if they were on the same physical Ethernet switch. The system utilizes a centralized signaling registry and federated coordination nodes to facilitate peer discovery and node registration. It implements NAT traversal through UDP hole punching and UPnP port mapping, while using supernode relay routing to ensure connectivity when symmetric NATs prevent direct peer-
Tutanota is an end-to-end encrypted email client and privacy-focused mail server. It functions as a cross-platform secure messaging application that provides encrypted email and calendar synchronization across desktop and mobile devices. The system ensures that only the sender and recipient can read messages by implementing a zero-knowledge architecture, where the service provider cannot access user private keys or cleartext data. This is achieved through client-side encryption and the use of asymmetric key exchange to share encrypted messages without prior secret key exchange. The platform
Deskreen is a wireless screen mirroring and virtual display tool that streams a computer screen or specific application windows to any device with a web browser. It functions as a virtual display streamer and a web-based secondary monitor, allowing users to extend their desktop workspace to remote devices over a local network. The system supports end-to-end encrypted screen sharing to protect display data and utilizes virtual display adapters to treat remote browsers as extended screens. It includes capabilities for multi-device broadcasting, enabling a single video source to be mirrored acro
Kopia is a backup utility designed to create encrypted, deduplicated, and compressed snapshots of files and directories. It functions as a client-side tool that secures data locally before transmitting it to various storage targets, ensuring that sensitive information remains protected throughout the backup process. The system utilizes content-addressable block storage and metadata-driven versioning to identify and remove redundant data across multiple snapshots. By employing a pluggable storage abstraction layer, it supports a wide range of local, network, and cloud-based storage providers,
Electric is a Postgres data synchronization engine and replication proxy designed to enable local-first software. It replicates data from Postgres databases to client-side stores in real time using logical replication, allowing applications to maintain a local embedded database for offline access and low-latency updates. The system distinguishes itself by using shapes to filter and authorize specific subsets of database rows and columns before streaming them to clients or edge workers. It further supports multi-user collaboration by integrating a conflict-free replicated data type framework t
Illa-builder is a low-code internal tool builder and API integration platform used to create business applications and admin panels. It functions as a database GUI dashboard and visual workflow automator, allowing users to connect to databases and external APIs to manage data and automate business processes. The platform provides a self-hosted app framework that can be deployed on private infrastructure via Docker. It enables the creation of custom dashboards and CRMs while maintaining full control over data and hosting. The system includes a visual drag-and-drop canvas for designing user in
BillionMail is a self-hosted email infrastructure and marketing platform designed to provide full control over mail delivery, domain management, and subscriber communication. It functions as a comprehensive mail server manager that enables users to deploy and maintain private email environments, including integrated webmail interfaces for direct account access. The platform distinguishes itself by combining high-volume bulk email distribution with sophisticated deliverability tools. It supports multi-tenant infrastructure provisioning, allowing administrators to manage multiple domains and ma
This project is a self-hosted cloud storage server and content collaboration platform implemented as a PHP web application framework. It functions as a centralized server for storing, synchronizing, and sharing files and data across multiple devices. The system operates as a WebDAV file server and a synchronization server for scheduling and contact information using CalDAV and CardDAV protocols. It features a plugin architecture that allows the server to be extended with additional applications and custom features. The platform provides capabilities for user and group access management, exte
This project is a synchronization plugin that mirrors notes, settings, and vault data across multiple devices. It functions as a self-hosted vault synchronizer, allowing users to maintain a personal knowledge base using a user-owned server. The system utilizes a CouchDB synchronization layer to maintain consistent document states across peers. Security is handled through end-to-end encryption, which encrypts vault content locally before transmission to ensure privacy on remote storage. The replication model supports both self-hosted data replication and peer-to-peer data transfer. It manages
StackEdit is a browser-based Markdown editor designed for structured document authoring and collaborative content creation. It functions as an offline-first web application, allowing users to maintain full access to their documents and editing tools without an active internet connection, with changes automatically synchronized once connectivity is restored. The platform distinguishes itself through its support for real-time multi-user collaboration, utilizing operational transformation to merge concurrent edits from multiple participants. It features a modular architecture that supports speci
This project is a curated collection of deployment files and configurations for hosting a wide variety of open-source services on a home server. It primarily utilizes Docker and Docker Compose to automate the orchestration, lifecycle management, and deployment of containerized applications. The repository provides a comprehensive suite for self-hosted infrastructure, covering network management tools, media streaming, and home automation. It includes specialized configurations for securing internal services via reverse proxies, WireGuard VPN tunnels, and automated SSL/TLS certificate manageme
Libsodium is a portable, C-based cryptographic library that provides a collection of modern primitives for encryption, decryption, digital signatures, password hashing, and secure key exchange. It is designed to facilitate secure communication and data integrity across diverse hardware architectures and operating systems. The library distinguishes itself by utilizing constant-time primitive execution to prevent side-channel attacks and employing memory-hard algorithms to increase the difficulty of brute-force password attacks. It abstracts complex mathematical operations into simplified inter