DEV Community

Cover image for Leyzen Vault – Bringing Moving-Target Defense to Open-Source Secure Storage
Saad I.
Saad I.

Posted on

Leyzen Vault – Bringing Moving-Target Defense to Open-Source Secure Storage

#opensource #security #webdev #showdev

Over the past few months, I’ve been building something I’ve always wanted to exist in the self-hosted world: a file vault that stays encrypted, private, and unpredictable for attackers.

Today, I’m excited to introduce Leyzen Vault, an open-source, self-hosted secure storage platform that mixes true end-to-end encryption with Moving-Target Defense – a rare combination outside of research papers.

🚀 What is Leyzen Vault?

Leyzen Vault is a file vault where all encryption happens client-side, using the Web Crypto API (AES-GCM).

The server never sees plaintext or keys.

But what makes Leyzen different is its dynamic backend architecture:

✔️ Containers rotate automatically

✔️ Attack surface changes over time

✔️ No static target for persistence or recon

✔️ Strict proxy boundaries (HAProxy)

✔️ Hardened Python orchestrator + Go CLI

It’s a practical implementation of concepts usually seen only in academic security research.

🔐 Key Features

  • Full end-to-end encryption (browser-based AES-GCM)
  • Automatic container rotation
  • Modular Python orchestrator
  • Go-based CLI (leyzenctl)
  • Vue.js UI with real-time previews
  • SSO support (SAML, OIDC, OAuth2)
  • Users management + audit logs
  • PostgreSQL secure metadata backend

📸 Screenshots & Demo

Screenshots, UI previews, and the full architecture overview are available here:

👉 https://www.leyzen.com

🛠️ Open Source Repository

Source code is fully open and available here:

👉 https://github.com/3xpyth0n/leyzen-vault

Contributions, ideas, and critiques are all welcome. I’m still actively developing it and would love community feedback.

💬 Why I built it

Most self-hosted storage tools are secure, but they’re also static.

Static attack surfaces allow persistent footholds, predictable exploitation, and comfortable reconnaissance.

Leyzen Vault is built around the idea that the infrastructure itself should move, not just the encryption layer.

It’s my attempt to bring a new kind of resilience to self-hosted systems while keeping the UX modern and clean.

🙌 Thank you

If you try Leyzen Vault or browse the repo, I’d love to hear your thoughts.

Comments, questions, and feature ideas are genuinely appreciated.

Top comments (0)