For a while now I’ve wanted to offer file storage to family and friends on my homelab, but I kept putting it off. It wasn’t about disk space or setup, it was trust. I didn’t want to be in a position where I could look at their files, even if I never would. And they’d know that too, which makes people hesitant to actually use it.
So I looked around at what’s out there. Nextcloud has end-to-end encryption, but with some known gaps. Most other self-hosted options just rely on disk encryption, which protects you if someone steals the physical drive, but does nothing against a compromised server or an admin poking around.
That’s the part I actually wanted solved: real zero-knowledge encryption, where privacy comes from the cryptography and not from me promising to behave.
So I built Agam Space .
Everything is encrypted in the browser before it ever leaves your device - files and their metadata, using XChaCha20-Poly1305 with Argon2id for the key derivation. The master password never leaves your device either. The server only ever sees encrypted blobs, so even I, running the server, can’t decrypt anyone’s files.
The name comes from Tamil - Agam (அகம்) refers to the inner, personal world, as opposed to what’s public. Felt fitting.
A few other things it does:
- Passkey unlock with Touch ID / Face ID / Windows Hello
- Multi-user support, with Owner/Admin/User roles
- Public link sharing with password protection and expiry
- Nested folders, a 30-day trash bin, per-user quotas
- SSO if you already run Authelia, Authentik, Keycloak or PocketID
It’s a NestJS/Fastify backend with a Next.js frontend, Postgres for metadata, encrypted blobs on disk. Docker Compose gets it running in a couple of minutes.
It’s still early beta - there will be bugs, and I wouldn’t trust it yet as your only backup. But it’s out there, it’s AGPL-3.0, and if you run a homelab and have wanted the same thing I did, give it a try: github.com/agam-space/agam-space . Docs are at docs.agamspace.app .