Skip to content

Security model

Credentials live only in the OS keychain — macOS Keychain, Windows Credential Manager, or Linux Secret Service. They are never written to SQLite, config files, or logs.

All S3 requests go through Rust via @tauri-apps/plugin-http. There is no CORS proxy, no relay, and no third-party service between you and your storage endpoint.

Error messages shown in the interface are plain sentences. Raw SDK or XML error text never reaches the UI (or anything that could leak request details).

Found a vulnerability? Please report it privately — see SECURITY.md for the process. Do not open a public issue for security reports.