personal vault

dst

|
Download View source
windows 10+ Β· ~80 MB Β· unsigned

what it does

encrypted per chunk
AES-256-GCM on every piece. Discord sees ciphertext blobs, nothing more.
infinite capacity
Any Discord server works. Files split into chunks, uploaded as attachments by your bot.
folders, preview, rename
Drag-drop in, preview in your default app, rename inline. Normal file-manager ergonomics.
install anywhere
Same bot token + passphrase on any Windows PC β€” your vault follows you.

how it works

01
split
Your file is chunked into 9 MB pieces (bigger if your server is boosted). Each chunk gets a unique per-file key derived from your vault key.
02
encrypt + upload
Each chunk is encrypted with AES-256-GCM and uploaded as an attachment in your private #files channel β€” three chunks in flight at once.
03
remember
An encrypted index in a dedicated #index channel tracks which chunks belong to which file. The index is rewritten on every change.
04
download
Reassembly is the same in reverse. Discord's signed CDN URLs are re-resolved on every read, so expiring links are a non-issue.

security model

Your passphrase never leaves your machine. Argon2id derives a masterKey from it, which wraps a long-lived random vaultKey using AES-256-GCM. Changing your passphrase rewraps the vaultKey in milliseconds β€” no chunks are re-encrypted.

Per-chunk keys are derived via HKDF-SHA-256 from the vaultKey with salt {fileId, seq}. Additional authenticated data binds each ciphertext to its file and position, so chunks can't be spliced across files or reordered.

What Discord sees: opaque blobs, their sizes, and upload timestamps.
What an attacker with your bot token sees: the same opaque blobs. No filenames, no directory structure, no cleartext.
What protects you: your passphrase. Lose it and your files are gone; there is no recovery path by design.

download

dst ships as a Windows installer (dst Setup x.y.z.exe) and a portable executable (dst x.y.z.exe). Both are unsigned β€” Windows SmartScreen will warn on first launch. Click More info β†’ Run anyway.

Latest release Source on GitHub

First launch drops you into a five-step setup wizard: create a Discord bot, create a private server, invite the bot, set a passphrase, done. About five minutes.

license & disclaimers

The dst app is released under Polyform Noncommercial 1.0.0. Read, fork, run personally. Do not sell it, bundle it into a commercial product, or use it for commercial purposes.

Using Discord as a storage backend is a gray area of Discord's Developer Terms. This is a personal tool for one human β€” don't redistribute publicly, don't automate signups, don't build a business on top of it.

No warranty. If you lose your passphrase, files are unrecoverable. Back up your passphrase on paper.