Send files to your cloud. Two letters. Done.

CLI-first · No sync · No mount · No surveillance

$ zz x profile passphrase (local): •••••••••• unlocked · work-nc · nextcloud/zz-drop $ zz notes.md uploaded notes.md 4.1 KiB → work-nc · nextcloud/zz-drop $ zz d report.pdf downloaded report.pdf 1.2 MiB ← work-nc · nextcloud/zz-drop $

Get started Source on GitHub →

// principles

Three things, on purpose.

Privacy by design

Profiles are encrypted client-side. Your passphrase never leaves your device. No telemetry, no analytics, no IP or user-agent logs tied to profiles.

Left-hand UX

One command. No flags to remember. No decisions at runtime. Configure a profile once; afterwards it's just zz file.

Scoped, not scope-creep

No sync. No mount. No public share links. No remote file manager. v1 ships file in, file out — that's the contract.

// install

Pick the package manager you already trust.

# macOS · Homebrew

brew tap gibbio/zz-drop && brew install zz-drop

# Linux · static musl, no sudo, installs to ~/.local/bin

curl -fsSL https://zz-drop.net/install.sh | sh

# Rust · cargo

cargo install zz-drop

Verify the install script with minisign →

// destinations

Four providers in v1. One more on deck.

Nextcloud WebDAV · self-hosted or managed · login flow

Google Drive OAuth device flow · scope drive.file

OneDrive OAuth device flow · Microsoft Graph

Dropbox OAuth paste-code · App folder sandbox

Proton Drive v1.1

// not to be confused with

What zz-drop isn't.

Tool	What it does	What zz-drop does instead
rclone	Mount, sync, mirror	Single-shot file transfer
croc	P2P with relay	Cloud destination via OAuth
scp / rsync	Server-to-server over SSH	Cloud-provider native APIs

// crypto, briefly

Built honestly. Documented plainly.

Profile encrypted client-side with XChaCha20-Poly1305
Argon2id KDF with parameter rotation
Open source — MIT OR Apache-2.0
File content E2EE — on the v1.1 roadmap

Read the threat model →