Building a Fully Local S3 Manager with Electron and Embedded Postgres

# Building a Fully Local S3 Manager with Electron and Embedded Postgres I built s3Administrator because I wanted to manage S3 buckets the way I manage local files - browse, search, move, transfer - without handing my credentials to yet another web dashboard. It's an open-source (AGPLv3) Electron app for macOS, available at [s3administrator.com](https://s3administrator.com), that works with AWS, Hetzner, Cloudflare R2, MinIO, and anything S3-compatible. The defining constraint: no account, no cloud backend, no telemetry. Everything stays on the machine. ## An embedded database inside the app Listing files over the S3 API every time is slow, and there's no server to cache things on - by design. So the app boots its own embedded PostgreSQL and stores all file metadata in the user data directory. The Prisma schema is applied automatically on startup, so the database is ready before the window opens. That local database is what makes the conveniences possible. Global search across indexed files, for example, runs against Postgres - not against a slow fan-out of S3 list calls - and it works with no server anywhere in the picture. ## Credentials encrypted at rest A tool that holds S3 keys for AWS, Hetzner, and R2 at once is a juicy target if it stores them carelessly. So credentials are encrypted at rest with AES-256-GCM. The encryption key is derived per-install, and the secrets file is written with `0600` permissions - readable only by the user account that owns it. The keys never leave the machine and are never sitting in plaintext on disk. ## Big transfers that survive the window Copy, move, sync, and migrate run as background tasks in a worker rather than blocking the UI. They're parallel and resumable, so a large migration between buckets keeps making progress and can pick back up rather than dying the moment something is interrupted. On top of that there's a gallery view with image and video thumbnails, so browsing a bucket of media feels like browsing a folder. ## The local-first payoff The point of all this is that a desktop tool can give you everything people expect from a cloud dashboard - fast search, thumbnails, large background transfers - while keeping every byte of data and every credential on hardware you control. No account to create, no third party in the path between you and your storage. If you're building local-first desktop software, or just want a credential-safe way to wrangle S3 across providers, take a look at [s3administrator.com](https://s3administrator.com) or reach out via my portfolio at [tahayusufkomur.me](https://tahayusufkomur.me).