V1.4.0 — DOCKER-NATIVE CORE

The Secure Backbone
for Enterprise
File Exchange

Open-source, Docker-native, and API-first. Built for IT teams who don't compromise on security. Host your data on your own infrastructure with total control. The project is still in beta, any info is subject to change.

rocket_launch Start Deployment description Explore Features
lock AES-256-GCM
verified_user Zero-Trust
code AGPL-3.0
hub API-First
docker-compose.yml
shield AES-256-GCM Encrypted at Rest
verified GDPR Ready health_and_safety HIPAA Targets policy ISO 27001 Design security_update_good SOC 2 Aligned hub REST API storage Multi-Cloud Storage
What is TenzoShare?

A Secure File Exchange Hub
You Host Yourself

TenzoShare is a self-hosted platform for sending and receiving files securely. Your team uploads files and shares protected links with recipients — or creates file requests so external parties can upload directly to you. Everything runs on your own infrastructure. Your files never touch a third-party server.

upload_file
Send files to anyone
Upload files and generate password-protected, expiring share links for recipients — no account required on their end.
move_to_inbox
Request files from anyone
Create a file request link and send it to an external party. They upload straight into your platform — no account, no friction.
admin_panel_settings
Full admin control
Manage users, storage backends, branding, audit logs, and quotas from a purpose-built admin portal. Granular RBAC at every layer.
How it works
send Send files
person
Your team
arrow_forward
Upload & encrypt
hub
TenzoShare
arrow_forward
Share link
person_outline
Recipient
move_to_inbox Request files
person
Your team
arrow_forward
Request link
hub
TenzoShare
arrow_forward
Upload form
person_outline
External party
lock All files AES-256-GCM encrypted · hosted on your infrastructure
Core Features

Built for Sovereign Data Control

Everything you need to run a secure, private sharing platform without any third-party dependencies.

verified_user

Secure & Fully Auditable

Every file operation is logged with an immutable, append-only structured audit trail. Cryptographic proof of every access, modification, and download — 7-year retention by default. Built for compliance teams.

Immutable Logs WORM Storage JSON Structured 7-yr Retention
api

API-First Architecture

Fully segregated front-end and back-end. Integrate into your CI/CD pipelines with comprehensive REST API. Swagger docs out of the box.

API reference arrow_forward
shield_with_heart

Zero-Trust Architecture

Authentication required at every layer. No implicit trust between Docker containers. JWT + Redis revocation on every service.

deployed_code

Docker-Native Core

Single docker compose up -d to run the full stack. Traefik gateway, PostgreSQL, Redis — all pre-configured.

cloud_upload

Flexible Storage Backends

Connect to any storage tier. Mix and match backends per-project. Switch without migrating data.

cloud AWS S3
cloud Azure Blob
cloud Google GCS
storage Local Volume
storage NFS / SMB
category MinIO / S3-compat.
The Interface

Designed for Daily Use

A clean, fast interface your team will actually want to use — not another enterprise product that requires training.

User portal — Dashboard
TenzoShare user dashboard
Deployment

One Command.
Full Stack Deployed.

TenzoShare isn't just "container-ready" — it was born in Docker. One docker compose up -d brings up the entire stack: API, web UI, gateway, database, cache, and reverse proxy.

  • check_circle Traefik v3 gateway with TLS termination and routing
  • check_circle PostgreSQL for data, Redis for caching & JWT revocation
  • check_circle Services isolated in Docker network — only gateway exposed
  • check_circle Stateless app tier — horizontal scaling out of the box
  • check_circle Health-check gated routing — zero downtime deployments
Read the deployment guide arrow_forward
docker-compose.yml 
# Full stack — just one command
$ docker compose up -d

services:
  tenzoshare:
    image: ghcr.io/marcusottosen/TenzoShare:latest
    restart: unless-stopped
    environment:
      - ENCRYPTION=AES-256-GCM
      - ZERO_TRUST=true
      - AUDIT_LOG=enabled
      - STORAGE_BACKEND=s3

  db:
    image: postgres:16-alpine

  cache:
    image: redis:7-alpine

  gateway:
    image: traefik:v3
Security

Security Engineered, Not Bolted On

TenzoShare was designed from the ground up with a security-first approach. Every component uses industry best practices — no half-measures.

security Full Security Overview
key
Argon2id + RS256 JWT

Password hashing with pepper. RSA-2048 JWT with 15-min expiry + 7-day refresh. JTI revocation via Redis.

lock
AES-256-GCM at Rest

Every file encrypted on upload with a random 12-byte nonce. Decrypted transparently on download. TLS 1.3 in transit.

manage_accounts
RBAC + MFA + Lockout

Roles: admin, user, guest, auditor. TOTP MFA. Account lockout after N failed attempts.

speed
Layered Rate Limiting

Redis-backed per-IP and per-user rate limits on login, register, upload, and global endpoints.

Compliance

Enterprise Compliance Ready

TenzoShare is designed and architected to meet the requirements of the world's most demanding compliance frameworks.

verified
ISO 27001

Global Information Security Management

health_and_safety
HIPAA

Secure Healthcare Data Processing

policy
GDPR

EU Data Privacy & Sovereignty

security_update_good
SOC 2

Audited Trust Service Criteria

Open Source · AGPL-3.0 · Docker-Native

Ready to own your data?

TenzoShare is free to self-host forever. Deploy your private instance in minutes, or reach out for enterprise support.

rocket_launch Deploy Now — It's Free mail Enterprise Support
git clone https://github.com/marcusottosen/TenzoShare.git