# upspin/upspin

6,398 stars · 314 forks · Go · Apache-2.0

## Links

- GitHub: https://github.com/upspin/upspin
- Homepage: https://upspin.io
- awesome-repositories: https://awesome-repositories.com/repository/upspin-upspin.md

## Topics

`cryptography` `fuse` `golang` `sharing` `storage` `upspin`

## Description

Upspin is a decentralized naming and storage system that provides an end-to-end encrypted file system. It assigns every user a unique identity and organizes files within a global, permissioned namespace where data is encrypted on the client before transmission.

The system separates identity resolution from data storage using a public-key identity provider and a key-server architecture. This allows for decentralized identity management and the resolution of usernames to specific directory and storage server addresses.

The project includes a hierarchical access control system that manages read and write permissions through directory-based rules and plain-text files. It also features a virtual filesystem integration that uses FUSE to expose the remote global namespace as a local mount point on Linux and macOS.

Additional capabilities include a command-line interface for namespace administration, client-side metadata caching to reduce latency, and tools for storage server deployment.

## Tags

### Security & Cryptography

- [End-to-End Encryption](https://awesome-repositories.com/f/security-cryptography/privacy-data-protection/data-encryption/end-to-end-encryption.md) — Encrypts data blocks on the client side before transmission to ensure server-side blindness.
- [Identity-Storage Decoupling](https://awesome-repositories.com/f/security-cryptography/cryptographic-key-management/key-address-mapping/identity-decoupling/identity-storage-decoupling.md) — Decouples identity resolution from data storage by mapping usernames to servers via a key server.
- [End-To-End Encryption Systems](https://awesome-repositories.com/f/security-cryptography/cryptography/end-to-end-encryption-systems.md) — Implements an end-to-end encrypted storage system where only authorized users can decrypt content.
- [Hierarchical Access Controls](https://awesome-repositories.com/f/security-cryptography/identity-access-management/access-control/data-resource-permissions/content-access-control-engines/hierarchical-access-controls.md) — Manages read and write permissions through recursive directory-based rules and plain-text files.
- [Permission Rule Groups](https://awesome-repositories.com/f/security-cryptography/identity-access-management/access-control/data-resource-permissions/key-level-access-controls/key-scoped-permissions/permission-rule-groups.md) — Assigns specific read, write, create, list, or delete permissions to named users or group members via access files. ([source](https://upspin.io/doc/access_control.html))
- [Decentralized Identity Frameworks](https://awesome-repositories.com/f/security-cryptography/identity-management-systems/decentralized-identity-frameworks.md) — Registers and resolves user identities with public-key cryptography and a key server.
- [Public Key Authentication](https://awesome-repositories.com/f/security-cryptography/public-key-authentication.md) — Uses public-private key pairs and a key server to authenticate users and verify identities.
- [Identity Addressing](https://awesome-repositories.com/f/security-cryptography/public-key-authentication/identity-addressing.md) — Resolves user identities by looking up public keys and directory server addresses from a central key server. ([source](https://upspin.io/doc/arch.html))
- [Public Key Identity Providers](https://awesome-repositories.com/f/security-cryptography/public-key-authentication/identity-addressing/public-key-identity-providers.md) — Uses a key-server architecture to map user identities to public keys and server addresses for secure peer discovery.
- [Identity-Based File Access Control](https://awesome-repositories.com/f/security-cryptography/remote-access-security/secure-file-access/identity-based-file-access-control.md) — Enforces file and directory access permissions using identity-based rules defined in plain-text files. ([source](https://upspin.io/doc/access_control.html))
- [Link Traversal Controls](https://awesome-repositories.com/f/security-cryptography/access-restrictions/membership-based-access-controls/link-traversal-controls.md) — Requires an access right on a link entry before a caller can follow it to its target to enforce traversal restrictions.
- [Unauthorized Response Customization](https://awesome-repositories.com/f/security-cryptography/custom-permissions/unauthorized-response-customization.md) — Hides directory entries or returns privacy errors when a user lacks the necessary access rights to view them. ([source](https://upspin.io/doc/access_control.html))
- [Wildcard](https://awesome-repositories.com/f/security-cryptography/permission-systems/wildcard.md) — Supports wildcard permissioning to grant access rights to all authenticated users or all users within a specific domain. ([source](https://upspin.io/doc/access_control.html))
- [File and Folder Permissions](https://awesome-repositories.com/f/security-cryptography/user-access-management/file-and-folder-permissions.md) — Implements a system for managing read and write access to directories using plain-text access files.

### Data & Databases

- [Block Storage](https://awesome-repositories.com/f/data-databases/block-storage.md) — Separates the metadata layer from the actual storage of encrypted data blocks on store servers.
- [File Retrieval Systems](https://awesome-repositories.com/f/data-databases/file-retrieval-systems.md) — Retrieves files by fetching directory entries and decrypting data blocks from store servers. ([source](https://upspin.io/doc/arch.html))
- [Global Namespace Protocols](https://awesome-repositories.com/f/data-databases/global-namespace-protocols.md) — Assigns secure, global names to files and data across diverse storage services using a uniform naming protocol. ([source](https://cdn.jsdelivr.net/gh/upspin/upspin@master/README.md))
- [Hierarchical Metadata Trees](https://awesome-repositories.com/f/data-databases/hierarchical-metadata-trees.md) — Organizes file metadata in a directory server as a tree of entries pointing to encrypted blocks in store servers.
- [Discovery Key Registration](https://awesome-repositories.com/f/data-databases/discovery-key-registration.md) — Generates public-private key pairs and registers public keys with a key server to establish new user profiles. ([source](https://upspin.io/doc/signup.html))
- [Local Caching Layers](https://awesome-repositories.com/f/data-databases/local-first-storage/local-caching-layers.md) — Caches recently accessed directory entries and storage blocks locally to reduce network latency and server load.
- [Block Caches](https://awesome-repositories.com/f/data-databases/multi-level-caching/block-caches.md) — Implements block-level caching of storage data to accelerate repeated retrieval of encrypted blocks. ([source](https://upspin.io/doc/config.html))

### Networking & Communication

- [Decentralized Naming Systems](https://awesome-repositories.com/f/networking-communication/decentralized-naming-systems.md) — Assigns every user a unique identity within a global, permissioned naming and storage system.

### Software Engineering & Architecture

- [Hierarchical Metadata Structures](https://awesome-repositories.com/f/software-engineering-architecture/hierarchical-metadata-structures.md) — Organizes file metadata in directory servers as a tree of entries pointing to encrypted blocks.
- [Identity-Storage Decoupling Architectures](https://awesome-repositories.com/f/software-engineering-architecture/identity-storage-decoupling-architectures.md) — Separates identity resolution from data storage using a central key server to map usernames to directory and storage server addresses.

### Operating Systems & Systems Programming

- [FUSE-Based Filesystem Mounts](https://awesome-repositories.com/f/operating-systems-systems-programming/filesystem-mounting/fuse-based-filesystem-mounts.md) — Exposes the remote global namespace as a local filesystem on Linux and macOS using the FUSE interface.
- [FUSE Virtual Filesystems](https://awesome-repositories.com/f/operating-systems-systems-programming/fuse-virtual-filesystems.md) — Exposes the remote naming hierarchy as a local mount point via the FUSE kernel module.

### Web Development

- [Metadata Caches](https://awesome-repositories.com/f/web-development/state-synchronization/client-side-caching/metadata-caches.md) — Caches directory entries and storage blocks locally to accelerate repeated data access.
