Enterprise-grade S3-compatible object storage written in Rust. Built for performance, security, and multi-cluster replication.
Go beyond basic S3 compatibility. These advanced capabilities set Hafiz apart from MinIO, Ceph, and even AWS S3 itself.
Blockchain-style hash chain for every operation. Each entry cryptographically links to the previous — detect tampering instantly with chain verification.
SHA-256 content-addressable storage with automatic reference counting. Identical files across any bucket share a single copy — save up to 90% storage.
Automatic zstd compression on write, transparent decompression on read. Skips already-compressed formats like images, video, and archives.
Generate time-limited access tokens for any bucket — no S3 credentials needed. Set read/write/list permissions, expiration, and download limits.
Auto-generate thumbnails, strip EXIF metadata, and convert image formats on upload. Async processing — zero impact on upload latency.
Subscribe to object changes via Server-Sent Events. Get instant notifications for creates and deletes — per-bucket or global channels.
| Feature | Hafiz | AWS S3 | MinIO |
|---|---|---|---|
| S3 API Compatible | ✓ | ✓ | ✓ |
| Object Lock (WORM) | ✓ | ✓ | ✓ |
| S3 Select (SQL on Objects) | ✓ | ✓ | ✗ |
| Erasure Coding | ✓ | ✓ | ✓ |
| Immutable Audit Log (Blockchain) | ✓ | ✗ | ✗ |
| Data Deduplication | ✓ | ✗ | ✗ |
| Object Compression (zstd) | ✓ | ✗ | ✗ |
| Temporary Bucket Sharing | ✓ | ✗ | ✗ |
| Object Transform Pipeline | ✓ | ✗ | ✗ |
| Real-Time Change Stream (SSE) | ✓ | ✗ | ✗ |
| Air-Gap Offline Sync | ✓ | ✗ | ✗ |
| LDAP / Active Directory | ✓ | ✗ | ✓ |
| Written in Rust | ✓ | ✗ | ✗ |
| Open Source (Self-Hosted) | ✓ | ✗ | ✓ |
Rock-solid S3 compatibility with the security and reliability your organization demands.
Built in Rust with async I/O for maximum throughput. Handle millions of objects with minimal latency.
AES-256-GCM encryption, Object Lock (WORM), LDAP integration, and comprehensive audit logging.
90+ S3 API endpoints. Works seamlessly with AWS CLI, SDKs, and existing S3 tools.
Real-time replication across data centers with bidirectional or unidirectional sync modes.
Offline data transfer for classified networks. USB/tape export-import with checksum verification.
Object versioning with delete markers, lifecycle policies, and automatic expiration rules.
Prometheus metrics, Grafana dashboards, health endpoints, and comprehensive request tracing.
Run SQL queries directly on CSV and JSON objects. Filter and extract data server-side without downloading.
Reed-Solomon data protection distributes shards across nodes. Survive failures and reconstruct from partial data.
Axum-based HTTP layer with 90+ endpoints
AWS Signature V4 & LDAP authentication
Filesystem & S3 proxy backends
SQLx with PostgreSQL & SQLite
AES-256-GCM encryption engine
Built as a multi-crate Rust workspace for maintainability and performance. Each component is designed to be efficient, testable, and secure.
Get Hafiz running with Docker in under a minute. Compatible with all S3 tools and SDKs out of the box.
View Quick Start Guide# Clone and build git clone https://github.com/shellnoq/hafiz.git cd hafiz docker build -t hafiz:local . # Run Hafiz docker run -d \ --name hafiz \ -p 9000:9000 \ -v hafiz-data:/data \ -e HAFIZ_ROOT_ACCESS_KEY=hafizadmin \ -e HAFIZ_ROOT_SECRET_KEY=hafizadmin \ hafiz:local # Test with AWS CLI aws --endpoint-url https://hafiz.local:9000 s3 mb s3://my-bucket aws --endpoint-url https://hafiz.local:9000 s3 cp file.txt s3://my-bucket/
Secure offline data transfer for classified networks, disaster recovery sites, and environments without network connectivity.
Transfer data to physically isolated networks without any network connectivity. Perfect for military, government, healthcare, and critical infrastructure.
Deploy Hafiz today and take control of your object storage with enterprise-grade security and performance.