Build your own resilient, encrypted storage network across multiple nodes. Self-hosted, secure, and designed for communities and organizations.
A complete solution for distributed, encrypted storage
Your data is encrypted before it leaves your device. Only you hold the keys. Storage nodes cannot read your files.
Nodes connect securely via Tinc VPN mesh network. No central server required. Works across NATs and firewalls.
Data is split into 10 encrypted shares. Any 3 can reconstruct your file. Survives up to 7 node failures.
Node identity verified via public GPG keyservers. Decentralized trust with no central authority.
Fully containerized with Docker Compose. Easy deployment, updates, and management on any system.
Pre-built images for Raspberry Pi. Turn any Pi into a storage node in minutes.
Your data is encrypted, split, and distributed across multiple nodes
Original data
AES-128
Erasure coding
Any 3 of 10 shares can reconstruct your original file.
Storage nodes only see encrypted blobs - they cannot read your data.
Your file is encrypted on your device using AES-128. The encryption key is embedded in the capability URL.
The encrypted file is split into 10 shares using Reed-Solomon coding. Only 3 are needed to reconstruct.
Each share is sent to a different storage node over the encrypted VPN mesh network.
You receive a capability URL containing the encryption key. Share it to grant access to the file.
Contribute storage and become part of the distributed network
Create a GPG key pair and publish it to a public keyserver. This is your node's identity.
pip install redundanet
redundanet node keys generate \
--name my-node \
--email you@example.com
redundanet node keys publish \
--key-id YOUR_KEY_IDFill out the join form with your GPG key ID and storage contribution. This creates a GitHub issue.
Join Form →A maintainer reviews your application, verifies your GPG key, and merges the PR to add your node.
Once approved, initialize your node and start the services.
git clone github.com/adefilippo83/redundanet
cd redundanet
redundanet init --name node-XXXXX
redundanet sync
docker compose up -dA decentralized architecture with no single point of failure
Tahoe-LAFS Client
Node Discovery
Encrypted Shares
Encrypted Shares
Encrypted Shares
Multiple layers of encryption protect your data
All network traffic is encrypted via Tinc VPN using RSA key exchange and AES encryption.
Data is encrypted with AES-128 before upload. Storage nodes only see encrypted blobs.
Node identities are verified via GPG keys published to public keyservers. No central authority.
Access is controlled by cryptographic capability URLs. Possession of the URL grants access.
Erasure coding ensures data survives up to 7 node failures out of 10.
Storage nodes cannot see file contents, names, or metadata. Only encrypted shares.
Choose your preferred installation method