Hoard is a stateless, deterministically encrypted, content-addressed object store.

It currently supports local persistent storage, S3 and GCS backends, though IPFS integration is currently under development.

Files that are sent to Hoard are symmetrically encrypted, where the secret is the hash of the plaintext file, and then stored in the configured backend – this enables any party with knowledge of the hash or original file to retrieve it from the store.

Planned storage backends are:

  • BigchainDB (and IPDB)
  • Tendermint

It encrypts deterministically (convergently) because it encrypts an object using the object’s hash (SHA256) as the secret key (which can than be shared as a ‘grant’).

It is content-addressed because encrypted objects are stored at an address determined by the encrypted object’s hash (SHA256 again).

Tell us about a new Kubernetes application


Never miss a thing! Sign up for our newsletter to stay updated.


Discover and learn about everything Kubernetes