AGPLv3 · self-hosted · bring your own S3

Cloud storage, made simple and open.

Secure, multi-tenant file storage you run yourself. Point it at Backblaze, Wasabi, R2, or any S3 bucket — get organizations, permissions, versioning, and a full audit trail without handing your data to anyone.

Deploy Freehold See how it works
2.4k stars Go 1.24 · React 18 ~15 min to deploy
freehold@prod
$ ./migrate up
↳ 14 migrations applied · schema current
$ systemctl enable --now freehold
↳ created symlink → /etc/systemd/system
$ curl localhost:8080/api/v1/health
{"status":"ok"}
listening on :8080 storage b2 auth oidc
BRING YOUR OWN OBJECT STORAGE Backblaze B2 Amazon S3 Wasabi Cloudflare R2 MinIO
// ARCHITECTURE

There are no our servers.
File bytes never touch the API.

The API only handles auth and metadata. When you upload or download, Freehold hands the browser a pre-signed URL and the bytes flow straight to your object storage — so transfers stay fast and the API is never a bottleneck.

01 · CLIENT
Browser / PWA

Asks the API where to put bytes, then uploads them directly. Holds a JWT, never a secret.

02 · CONTROL PLANE
Go API

Auth, permissions, metadata, audit log. Issues pre-signed URLs. Validates every JWT against your OIDC provider.

metadata only — no file bytes
03 · STORAGE
Your S3 bucket

B2, Wasabi, R2, MinIO, AWS. Receives bytes directly from the browser over pre-signed URLs.

browser ──── file bytes ────▶ object storage (API bypassed)
// CAPABILITIES

Everything a team needs.
Nothing it doesn't.

No app store. No plugin marketplace. No "platform." Just the storage primitives, done properly.

Multi-tenant

Organizations, teams, and members — each with fully isolated data.

Bitmask permissions

Read / Write / Delete / Share / Admin with ACL inheritance.

File versioning

Full history with point-in-time restore on every file.

Tags & full-text search

Colored tags plus Postgres-powered search across everything.

Share & drop links

Controlled external upload and download via public links.

Audit logging

A complete trail with before / after state on every action.

Direct transfers

Pre-signed S3 URLs — bytes never bottleneck the API.

Installable PWA

Touch-optimized mobile app with offline caching.

// PHILOSOPHY

Not a platform.
Just storage you own.

Most "cloud" tools want to be the center of your whole organization — endless add-ons, integrations, and lock-in. Freehold does one thing: it stores your files, on infrastructure you control, and gets out of the way.

simple useful open free
freehold.acme.internal / engineering
ORGANIZATION
All files
Engineering
Shared with me
Audit log
Settings
Engineering / Designs
+ Upload Share link
NAMEMODIFIEDSIZEVER
system-architecture.pdfspec 2h ago 4.2 MB v7
brand-guidelines.figdesign yesterday 88 MB v3
q3-financials.xlsxfinance 3 days ago 1.1 MB v12
onboarding-video.mp4marketing Apr 2 210 MB v2
incident-2026-0419.mdops Apr 19 12 KB v4
customer-export.csvdata last week 640 KB v1
// STACK

Boring, fast, and yours to audit.

A single compiled Go binary behind systemd, a React frontend you can host anywhere static, and standards-based OIDC. No mystery runtime, no managed dependency you can't replace.

Backend Go 1.24 · Fiber v2 · pgx
Database PostgreSQL 15+ · full-text · pg_trgm
Frontend React 18 · Vite 5 · TypeScript · Zustand
UI Tailwind · Radix UI · lucide-react
Mobile React 18 PWA · Workbox · PDF.js
Auth OIDC (Auth Code + PKCE) · JWT via JWKS
Storage S3-compatible — B2, Wasabi, MinIO, AWS

Own your storage
in about 15 minutes.

Three external services, one binary, one static frontend. The deployment guide walks every step — Postgres, your bucket, OIDC, systemd, TLS.

quickstart.sh copy
$ go build -o freehold ./cmd/freehold
$ ./migrate up # idempotent
$ systemctl enable --now freehold
Read the deployment guide ↗ Star on GitHub