DEV Community

Moukhtar Youssef

What is DriveLite's architecture?

Introduction

DriveLite is an open-source, self-hostable file storage system designed with privacy-first principles. Unlike traditional cloud storage, DriveLite ensures your files are encrypted end-to-end by default, so even your server cannot see your data.

At the same time, DriveLite is flexible: advanced users can opt into server-trusted mode to enable features like previews, AI tagging, and semantic search.

This post explains DriveLite’s architecture and how it balances maximum privacy with optional convenience.


1. Core Principles

  • Privacy by default → End-to-end encryption (E2EE) + zero-trust.
  • Flexible control → Users can choose server-trusted mode for enhanced features.
  • Modular architecture → Storage, backend, and AI/search services are separate and scalable.

2. How DriveLite Handles Security

E2EE + Zero Trust (Default)

  • Files are encrypted in the browser before upload.
  • The server stores only ciphertext and cannot read user files.
  • Protects against server compromises, rogue admins, or cloud breaches.
  • Ideal for privacy-conscious users and sensitive data.
  • Uses on-device AI models.
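
A sketch of the default-mode client flow described above, as an added example rather than DriveLite's own code: a per-file AES-GCM key encrypts the file in the browser and is itself wrapped under a passphrase-derived key, so the server only ever holds opaque bytes. The cipher, PBKDF2 parameters, envelope field names and function names are assumptions; the post does not specify them.

```javascript
// Added illustration, not DriveLite code. Cipher, KDF and envelope fields are assumptions.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // browsers expose globalThis.crypto
const enc = new TextEncoder();

// Derive a key-wrapping key from the user's passphrase; it never leaves the client.
async function deriveWrappingKey(passphrase, salt) {
  const base = await wc.subtle.importKey("raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: 600000, hash: "SHA-256" },
    base, { name: "AES-GCM", length: 256 }, false, ["wrapKey", "unwrapKey"]);
}

// Encrypt one file with a fresh random key, then wrap that key for server-side storage.
async function sealForUpload(plaintext, passphrase) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));    // fresh per file, never reused with a key
  const keyIv = wc.getRandomValues(new Uint8Array(12)); // separate nonce for the key wrap
  const fileKey = await wc.subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);
  const ciphertext = new Uint8Array(await wc.subtle.encrypt({ name: "AES-GCM", iv }, fileKey, plaintext));
  const kek = await deriveWrappingKey(passphrase, salt);
  const wrappedKey = new Uint8Array(await wc.subtle.wrapKey("raw", fileKey, kek, { name: "AES-GCM", iv: keyIv }));
  return { salt, iv, keyIv, wrappedKey, ciphertext };   // everything the server would store
}

// Client-side download path: unwrap the file key, then decrypt. Rejects on a wrong
// passphrase or if the stored blob was modified (the GCM tag check fails).
async function openDownload(env, passphrase) {
  const kek = await deriveWrappingKey(passphrase, env.salt);
  const fileKey = await wc.subtle.unwrapKey("raw", env.wrappedKey, kek,
    { name: "AES-GCM", iv: env.keyIv }, { name: "AES-GCM", length: 256 }, false, ["decrypt"]);
  return new Uint8Array(await wc.subtle.decrypt({ name: "AES-GCM", iv: env.iv }, fileKey, env.ciphertext));
}

// Constructed demo: round trip, wrong passphrase, and a tampered stored blob.
async function demo() {
  const pass = "correct horse battery staple";          // constructed sample passphrase
  const file = enc.encode("constructed sample file contents");
  const env = await sealForUpload(file, pass);
  const roundTrip = new TextDecoder().decode(await openDownload(env, pass));
  const wrongPass = await openDownload(env, "guess").then(() => "opened", () => "rejected");
  const tampered = { ...env, ciphertext: env.ciphertext.slice() };
  tampered.ciphertext[0] ^= 1;                          // simulate server-side modification
  const afterTamper = await openDownload(tampered, pass).then(() => "opened", () => "rejected");
  return { roundTrip, wrongPass, afterTamper, storedBytes: env.ciphertext.length };
}
```

In this sketch the server can store the whole envelope, wrapped key included, without being able to read the file, and any modification of the stored ciphertext is detected on download.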

Server-Trusted Mode (Optional)

  • Admins can opt in to server-trusted mode per deployment.
  • Enables advanced features:
    • File previews
    • Semantic search
    • AI tagging and AI-assisted file organization

3. Components Breakdown

Frontend Web (React + Tailwind)

  • Handles encryption/decryption for E2EE by default.
  • Offers a clear privacy vs. convenience toggle for users or admins.
  • Runs on-device ML (in E2EE + zero-trust mode).

Backend (Go + Echo)

  • Serves APIs for file upload, metadata, sharing, and search.
  • Detects if server-trusted mode is enabled and handles decrypted files accordingly.

Storage (MinIO (S3-compatible) / File system)

  • Stores encrypted blobs in default mode.
  • Can store decrypted content when server-trusted mode is active.

Database Layer (SQLite / PostgreSQL)

  • Stores metadata and encryption keys securely.
  • Supports pluggable backends for scalability.

AI + Semantic Search (Python + Qdrant + gRPC)

  • Only has access to file content in server-trusted mode.
  • Enables semantic search, tagging, and AI features when opted in.

4. Why This Architecture?

  • Privacy-first by default → E2EE ensures maximum data security.
  • Feature-flexible → Users can opt in to richer functionality.
  • Modular & Scalable → Each component can be independently maintained, scaled, or replaced.
  • Clear tradeoff → Users control their own security vs. convenience balance.

5. Roadmap & Vision

  • Mobile clients (Flutter)
  • Collaborative features with optional server-trusted mode
  • AI-assisted file management
  • Community plugins and extensions

Conclusion

DriveLite’s architecture is privacy-first, flexible, and future-proof. By default, your data is encrypted and zero-trust, but if you want enhanced features like previews and AI search, you can opt in to server-trusted mode.

This approach makes DriveLite stand out in the self-hosting ecosystem, offering both security-conscious users and feature-hungry users exactly what they need.

Explore DriveLite and take control of your data: DriveLite.org
