Skip to main content
Ferrox
v1.0.0 — Apache 2.0 · Built in Rust

S3-Compatible Storage. Single Binary.

Lightweight object storage built in Rust. Works with Boto3, AWS CLI, rclone, and every S3 SDK — no code changes. Self-host in under 2 minutes.

~0 MB
binary
<0 MB
Docker image
0
dependencies
CLIAWS CLIpyBoto3jsJS SDKrcrclonegoGo SDKferroxS3 wire protocol · SigV4 · AES-256-GCM

Everything you need. Nothing you don't.

Ferrox strips away the complexity that makes other S3-compatible object stores painful to self-host and run. We provide a streamlined alternative solution that maximizes operational efficiency without compromising on reliability.

Single Binary

~12 MB. No runtime, no sidecar, no init containers. Deploy this lightweight S3-compatible object storage server anywhere — bare metal, VMs, or modern Kubernetes clusters.

Drop-In S3 Compatibility

Speaks the S3 wire protocol natively. Serves as a flawless drop-in replacement. AWS CLI, Boto3, rclone, SDK v3 — all verified with zero provider-specific configuration.

FROM scratch Docker

Under 20 MB image built entirely FROM scratch. This minimalist approach guarantees the smallest possible footprint of any available S3-compatible object storage solution.

AES-256-GCM Encryption

SSE-S3 and SSE-C built in. Utilizing individual Data Encryption Keys (DEKs) for every object. Caller-supplied keys are never logged or permanently persisted to disk.

No unsafe Code

#![forbid(unsafe_code)] everywhere. We rely exclusively on the audited rustls and ring libraries for all Transport Layer Security operations. Constant-time HMAC comparison.

Full SigV4

Every request authenticated via AWS Signature Version 4 protocol. SigV4A scaffold included. Per-access-key rate limiting automatically responds with 503 SlowDown.

Up in under 2 minutes

Deploy Ferrox's S3-compatible API in minutes — works with Docker, AWS CLI, Boto3, JavaScript SDK v3, and rclone. Zero config changes required.

docker run --rm -p 9000:9000 \
  -v ferrox-data:/data \
  ghcr.io/ferrox-rs/ferrox:latest \
  --data-dir /data --bind 0.0.0.0:9000 \
  --access-key minioadmin \
  --secret-key minioadmin

How Ferrox stacks up

Ferrox vs MinIO vs SeaweedFS. We provide the lightest self-hosted S3-compatible object storage server on the market, built with no external dependencies and entirely avoiding the restrictive AGPL licensing model. Check out our Quickstart guide to get started.

Feature comparison between Ferrox, MinIO, and SeaweedFS object storage solutions
FeatureFerroxMinIOSeaweedFS
LanguageRustGoGo
Binary size~12 MB~80 MBvaries
FROM scratch Dockeryesnono
TLSrustls + ringGo stdlibOpenSSL
unsafe in hot pathsnonen/an/a
LicenseApache-2.0AGPLApache-2.0
External dependenciesnoneyesyes

← swipe to see all columns →

Supported S3 Operations

Ferrox supports the core operational primitives of the Amazon S3 ecosystem. Your existing applications require no structural modifications to migrate your data. Review our supported API operations below.

Frequently Asked Questions

What makes Ferrox different from MinIO or SeaweedFS?
Ferrox is specifically designed to be the absolute lightest S3-compatible object storage server available. While MinIO and SeaweedFS are powerful enterprise tools, they come with larger binary sizes, complex Go runtimes, and various external dependencies. Ferrox compiles to a single ~12 MB Rust binary with zero dependencies, making it ideal for edge computing, CI/CD pipelines, and resource-constrained environments without sacrificing features.
Do I need to rewrite my application to use Ferrox?
No. Ferrox speaks the standard S3 wire protocol natively. This means you can drop it into any existing application that currently uses the AWS SDK, Boto3 (Python), or the AWS CLI. Simply point your S3 endpoint URL to your local Ferrox instance, and your application will work exactly as it did before, requiring no code modifications.
Is Ferrox secure enough for production workloads?
Yes. Ferrox enforces strict memory safety by forbidding unsafe Rust code across the entire codebase. It supports industry-standard AES-256-GCM encryption for both SSE-S3 and SSE-C, ensuring your data is always encrypted at rest. Furthermore, all incoming requests are securely authenticated using the robust AWS Signature Version 4 (SigV4) protocol, matching industry standards for identity and access management.
How difficult is it to deploy Ferrox?
Deploying Ferrox is incredibly straightforward. Because it is a single standalone executable binary, there is no need to configure complex databases, background caching layers, or complex initialization containers. We provide an ultra-lightweight Docker image built entirely 'FROM scratch' under 20 MB, or you can simply run the compiled binary directly on any bare metal server or virtual machine.

Support Ferrox

Ferrox is open-source and free. If it saves you time or money, consider sponsoring development. Every contribution helps keep it maintained, fast, and secure.

Bronze
$5/mo
Name in README
Silver
$25/mo
Logo in README + priority issues
Gold
$100/mo
Logo on website + direct support
Sponsor on GitHub