VaultSync
Encrypted file transfer · Rust
- Built to solve a concrete problem: moving sensitive files between machines over SFTP without trusting the transport layer. The server receives ciphertext only and cannot reconstruct the plaintext even with full filesystem access.
- Uses the notify crate (wraps inotify on Linux, FSEvents on macOS, ReadDirectoryChangesW on Windows) to watch source directories in real time. No polling interval, no missed events between cycles.
- Each file is encrypted with AES-256-GCM before transfer: a unique nonce per file, key derived from a configurable secret, and the ciphertext wrapped in a custom binary format that embeds original filename, size, and timestamp as authenticated metadata.
- Integrates the zeroize crate to wipe encryption keys from memory immediately after use. Residual key material in heap memory is a real attack vector on shared or cloud systems, and wiping keys promptly closes off that exposure once the key is no longer needed.
- The round-trip test suite passes 100% across all file types (binary, text, zero-byte, large files): encrypt, transfer, decrypt, byte-level diff against the original.
- Rust was the deliberate choice: no garbage collector means no unpredictable pauses during cryptographic operations, and the ownership model makes it structurally impossible to accidentally alias or copy key material.
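
The container format from the AES-256-GCM bullet can be sketched as a header that doubles as the AEAD associated data. This is an added example, not VaultSync's own code: the `VSX1` magic, the field layout and the `Header` type are assumptions, and the AES-GCM call itself is left out so the block needs only the standard library.

```rust
use std::convert::{TryFrom, TryInto};

// Hypothetical layout (an assumption, not VaultSync's real format):
// magic(4) | version(1) | nonce(12) | size u64 LE | mtime u64 LE | name_len u16 LE | name
const MAGIC: &[u8; 4] = b"VSX1";
const FIXED: usize = 4 + 1 + 12 + 8 + 8 + 2;
const TAG: usize = 16;

#[derive(Debug, PartialEq)]
pub struct Header { pub nonce: [u8; 12], pub size: u64, pub mtime: u64, pub name: String }

impl Header {
    /// Serialize the header; these exact bytes are what AES-GCM would take as AAD.
    pub fn encode(&self) -> Result<Vec<u8>, &'static str> {
        let name_len = u16::try_from(self.name.len()).map_err(|_| "name too long")?;
        let mut out = Vec::with_capacity(FIXED + self.name.len());
        out.extend_from_slice(MAGIC);
        out.push(1);
        out.extend_from_slice(&self.nonce);
        out.extend_from_slice(&self.size.to_le_bytes());
        out.extend_from_slice(&self.mtime.to_le_bytes());
        out.extend_from_slice(&name_len.to_le_bytes());
        out.extend_from_slice(self.name.as_bytes());
        Ok(out)
    }

    /// Split a container into (header, AAD bytes, ciphertext||tag), validating every length.
    pub fn parse(buf: &[u8]) -> Result<(Header, &[u8], &[u8]), &'static str> {
        if buf.len() < FIXED { return Err("truncated header"); }
        if buf[..4] != MAGIC[..] || buf[4] != 1 { return Err("bad magic or version"); }
        let nonce: [u8; 12] = buf[5..17].try_into().unwrap();
        let size = u64::from_le_bytes(buf[17..25].try_into().unwrap());
        let mtime = u64::from_le_bytes(buf[25..33].try_into().unwrap());
        let name_len = u16::from_le_bytes(buf[33..35].try_into().unwrap()) as usize;
        let end = FIXED + name_len;
        if buf.len() < end + TAG { return Err("truncated name or missing tag"); }
        let name = std::str::from_utf8(&buf[FIXED..end]).map_err(|_| "name not UTF-8")?;
        // The embedded name is untrusted until the tag verifies, and even an
        // authentic name must not steer the output path on the receiving side.
        if name.is_empty() || name == "." || name == ".." || name.contains(&['/', '\\', '\0'][..]) {
            return Err("unsafe file name");
        }
        // GCM ciphertext is exactly as long as the plaintext, followed by the 16-byte tag.
        if (buf.len() - end - TAG) as u64 != size { return Err("size mismatch"); }
        Ok((Header { nonce, size, mtime, name: name.to_string() }, &buf[..end], &buf[end..]))
    }
}
```

Passing the returned AAD slice unchanged to the AEAD on decrypt means any edit to the filename, size or timestamp fails tag verification instead of being silently accepted.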
Tech Stack
RUST