Self-hosted object storage
that just works

An S3-compatible storage gateway with enterprise SSO, IAM-style policies, and support for multiple backends. Your data, your infrastructure.

Get Started View Source

Deploy with Docker Compose in minutes

Everything you need for file storage

S3 Compatible

Full AWS SDK compatibility. Use existing tools like aws-cli, s3fs, or any S3 client. Mount buckets as local drives.

Multi-Backend

Store files locally, on AWS S3, MinIO, or DigitalOcean Spaces. Different buckets can use different backends.

IAM Policies

Fine-grained access control with familiar AWS-style policy syntax. Deny-by-default with explicit allow rules.

Enterprise SSO

Google OAuth and HashiCorp Vault OIDC with PKCE. Automatic user provisioning and policy sync from groups.

Security First

TLS everywhere, bcrypt password hashing, JWT authentication, and access keys with AWS Signature V4.

Modern Web UI

Dual-pane file browser with drag-and-drop, search filters, context menus, and real-time upload progress.

Built for production

Go Backend

High-performance API server with Gin framework. Handles concurrent uploads and streaming efficiently.

React Frontend

TypeScript, Vite, and Tailwind CSS. Fast builds and a responsive interface that works everywhere.

PostgreSQL

Reliable data storage with SSL connections. GORM handles migrations automatically.

Enterprise SSO

Google OAuth and HashiCorp Vault OIDC with PKCE. Automatic user provisioning from identity providers.

IAM Policies

AWS-style policy documents for fine-grained access control. Deny-by-default with explicit allow rules.

Docker Native

Compose-based deployment with isolated networking. Production-ready out of the box.

Who it's for

bkt is designed for teams that need control over their file storage without vendor lock-in. Run it on your own infrastructure with your own authentication.

  • Teams needing a unified S3 interface across local and cloud storage
  • Organizations with data residency or compliance requirements
  • Hybrid cloud environments spanning multiple providers
  • Self-hosted infrastructure with existing identity providers

Quick Start

Get up and running with local storage in under 5 minutes. Requires Docker, Docker Compose, and Python 3.

1

Clone the repository

git clone https://github.com/seahop/bkt.git
cd bkt
2

Run the setup script

python3 setup.py

Generates SSL certificates, admin credentials, and .env file. Save the admin password displayed in the output.

3

Start the services

docker compose up --build -d

First run builds the containers. Access the UI at https://localhost:5173

The application uses self-signed certificates. Your browser will show a warning - accept it to continue, or import the CA certificate from certs/ca/ca.crt.

Advanced Configuration

Configure SSO, external storage backends, and production settings by editing the .env file.

S3 Storage Backend

Store objects on AWS S3, MinIO, or any S3-compatible service instead of local disk.

STORAGE_BACKEND=s3
S3_ENDPOINT=s3.amazonaws.com
S3_REGION=us-east-1
S3_ACCESS_KEY_ID=your-key
S3_SECRET_ACCESS_KEY=your-secret

Google SSO

Enable browser-based single sign-on with Google OAuth. Users are auto-provisioned on first login.

GOOGLE_OIDC_ENABLED=true
GOOGLE_CLIENT_ID=your-client-id
GOOGLE_CLIENT_SECRET=your-secret
GOOGLE_REDIRECT_URL=https://your-domain/api/auth/google/callback
FRONTEND_URL=https://your-domain

Vault OIDC

Enterprise SSO with HashiCorp Vault using PKCE. Supports automatic policy sync from Vault groups.

VAULT_OIDC_ENABLED=true
VAULT_ADDR=https://vault.example.com
VAULT_OIDC_CLIENT_ID=your-client-id
VAULT_OIDC_PROVIDER_URL=https://vault.example.com/v1/identity/oidc/provider/default
VAULT_OIDC_REDIRECT_URL=https://your-domain/api/auth/vault/callback
FRONTEND_URL=https://your-domain

Production Settings

Key settings to review before deploying to production.

# Disable self-registration
ALLOW_REGISTRATION=false

# Use real SSL certificates
# Replace certs/ with CA-signed certs

# Set your domain for CORS
CORS_ALLOWED_ORIGINS=https://your-domain

See the full documentation for detailed guides on SSO setup, S3 backend configuration, and production deployment.

Open source and self-hosted

No cloud dependencies, no usage fees. Your storage, your rules.

View on GitHub Read the Docs