Stop Zipping Folders: How I Built a Zero-Trust Tunnel to Share Files Instantly (in Go)

The Problem with "Quickly" Sharing a Folder 😫

We’ve all been there. You need to send a directory of files—maybe logs, a build artifact, or some sensitive config files—to a colleague.

What are your options?

1. Zip it and Slack it: Now that zip file lives on Slack's servers forever.
2. Upload to Google Drive/Dropbox: Great, now you have to manage permissions, generate a link, and trust that they aren't scanning your files.
3. scp / rsync: Requires SSH access, keys, and knowing IP addresses. Not exactly "quick."
4. Magic Wormhole / Croc: Awesome tools, but they transfer file-by-file. You can't browse a remote directory.

I wanted something better. I wanted the ease of a cloud link with the security of a direct, encrypted SSH connection.

I wanted to type one command, get a secure code, and send it to a friend so they could browse my folder instantly—without ever uploading my data to a third-party server.

So, I built Orb.

Meet Orb: Zero-Trust, Terminal-First File Sharing 🛡️

Orb is a CLI utility written in Go that lets you share a local folder over the internet using an end-to-end encrypted tunnel.

It’s designed around a simple philosophy: The relay server should be blind. It just shovels encrypted bytes back and forth. It doesn't know who you are, what you're sharing, or what your passcode is.

The "Aha!" Moment 💡

The coolest part of Orb isn't just the encryption; it's the developer experience (DX).

When a receiver connects, they don't just get a dump of files. They get a full, interactive Terminal User Interface (TUI) file browser. They can navigate directories, view file metadata, and download only what they need.

Insert GIF of TUI browser here

It feels like SSH-ing into a machine, but without the hassle of user accounts or port forwarding.

How to Use It (In 30 Seconds) ⏱️

Orb is a single binary with no dependencies.

1. Share a Folder (Alice)

Alice wants to share her ~/documents/project-x folder.

$ orb share ~/documents/project-x --readonly

> Session ID: abc123def456
> Passcode:   correct-horse-battery-staple
> Relay:      https://relay.orb.sh
>
> Share these credentials securely.
> Waiting for connection...

2. Connect and Browse (Bob)

Bob gets the session ID and passcode from Alice via a secure channel (like Signal).

$ orb connect abc123def456

> Enter Passcode: ****************************

Boom. Bob's terminal transforms into a file browser showing the contents of Alice's folder. He can navigate around and press d to download files.

Under the Hood: The Nerdy Stuff 🤓

This is where I had the most fun. Building a truly secure, zero-trust system is a rabbit hole of cryptographic choices. Here is the stack that makes Orb sleep-at-night secure:

• The Language: Go. Perfect for networking, concurrency, and cross-platform binaries.
• The Protocol: We use the Noise Protocol Framework for the handshake. It’s the same tech powering WireGuard and WhatsApp. It provides mutual authentication and forward secrecy.
• Key Derivation: The short passcode you see is hashed using Argon2id (the winner of the Password Hashing Competition) to generate the actual encryption keys. This makes brute-force attacks computationally expensive.
• Transport Encryption: Once the handshake is complete, all data is encrypted with ChaCha20-Poly1305. It's fast, secure, and runs well on mobile devices.
• The TUI: Built with the incredible Bubble Tea framework.

Security is Not an Add-on

We spent a lot of time thinking about attack vectors.

• Path Traversal: A malicious client can't request ../../../../etc/passwd. Orb sanitizes all paths.
• Symlink Attacks: Orb detects and blocks symlinks that point outside the shared directory.
• Relay Compromise: Even if the relay server is hacked, the attacker only sees encrypted noise. They cannot decrypt your files.

Why Open Source? ❤️

I'm releasing Orb as open source because I believe security tools must be transparent. You shouldn't have to trust me; you should be able to audit the code yourself.

This is just the beginning. I have a big roadmap, including:

• [ ] FUSE support (mount a remote Orb folder as a local drive)
• [ ] Web-based client (decrypt in the browser via WebAssembly)
• [ ] Decentralized relays (p2p)

Try It Out! (And Roast My Code) 🔥

I’m looking for feedback, security audits, and feature requests.

1. Go grab a binary from the Releases page.
2. Try sharing a folder with a friend (or yourself on another machine).
3. Check out the code on GitHub.

Zayan-Mohamed / orb

Orb is a secure, terminal-first utility that allows you to share a local folder across the internet using end-to-end encryption. No accounts, no cloud storage, no port forwarding required.

Orb — Zero-Trust Folder Tunneling Tool

Orb is a secure, terminal-first utility that allows you to share a local folder across the internet using end-to-end encryption. No accounts, no cloud storage, no port forwarding required.

📺 Demo

Sharing a Folder

Share a folder with a single command - encrypted end-to-end

Browsing Shared Files

Interactive TUI browser for secure file access

✨ Features

• 🔒 Zero-Trust Architecture: The relay server never sees plaintext data
• 🔐 Strong Cryptography: Argon2id for key derivation, Noise Protocol for handshake, ChaCha20-Poly1305 for transport encryption
• 🖥️ Cross-Platform: Works on Linux, macOS, and Windows
• 🌐 NAT-Safe: All connections are outbound, works behind firewalls
• 📁 TUI File Browser: Interactive terminal interface for browsing and downloading files
• ⏰ No Long-Term Secrets: Sessions expire automatically
• 🛡️ Secure by Design: Path sanitization, symlink protection, replay protection

🚀 Quick Start

Install

# Download the binary for your

…

View on GitHub

If you think this is a cool idea, please leave a star ⭐ on the repo! It helps more developers find the project.

What's your current workflow for sharing sensitive folders? Let's discuss in the comments!👇