Share sensitive information with cellar. End to end encryption, always free. No sign-up required.

Uploading Files

INFO

File uploads are available in API v2 (Cellar API v3.2.0+).

Cellar supports uploading files as secrets using the v2 API. This allows you to securely share any type of file with the same encryption and automatic deletion features as text secrets.

Using the Cellar UI

NOTE

Coming Soon: The Cellar UI does not yet support file uploads. This feature will be added in a future release.

In the meantime, you can upload files using the v2 API directly. See the API documentation for details on the /api/v2/secrets endpoint.

Supported File Types

Cellar accepts all file types without restrictions. You can upload:

  • QR codes and barcodes
  • Screenshots and images
  • PDF documents
  • Private keys and certificates
  • Configuration files
  • Source code archives
  • Short audio recordings
  • Any other file type

Recipients are responsible for safely handling downloaded files. Cellar focuses on secure transmission and storage, not content filtering.

File Size Limits

The default maximum file size is 8 MB. This limit supports common use cases while remaining compatible with AWS Lambda deployments.

Files that fit within 8 MB:

  • QR codes (< 1 MB)
  • Screenshots (2-5 MB)
  • PDFs with text and images (1-6 MB)
  • Private keys and certificates (< 1 MB)
  • Configuration files (1-5 MB)
  • Short audio clips (1-2 MB)

If you need to upload larger files, contact your Cellar administrator. Docker and traditional server deployments can increase this limit through configuration. See Security Best Practices for details.

Security Considerations

File uploads implement several security measures:

Automatic Protections:

  • Empty files (0 bytes) are rejected
  • File size is validated before encryption
  • Secure download headers prevent XSS attacks
  • Filenames are sanitized to prevent path traversal

Best Practices:

  • Set appropriate expiration times based on file sensitivity
  • Use access limits to prevent unauthorized sharing
  • Share secret links through secure channels (not email)
  • Recipients should verify downloaded files before opening

For complete security information, see Security Best Practices.

Limitations

File uploads have the following limitations:

  • Maximum file size: 8 MB (default, configurable by administrators)
  • Files are stored in memory during encryption
  • Files are stored in Redis after encryption
  • No virus scanning or content filtering is performed

For large files or different requirements, consider alternative file sharing solutions.