CloakShare CloakShare
Log in Get API Key

March 6, 2026

Why We Open-Sourced CloakShare

CloakShare is a secure document sharing API. You upload a file, get a tokenized link back, and the recipient views it in a watermarked, tracked, expiring viewer. Per-page analytics, email gates, password protection, webhooks — the whole stack.

We open-sourced the entire thing under MIT. Here's why.

The trust problem

If you're routing sensitive documents through a third-party service — pitch decks with financial projections, contracts with confidential terms, medical records — you need to trust that service completely. Not "we promise we're secure" trust. "You can read every line of code that touches your data" trust.

Open source is the only way to deliver that. You can audit the rendering pipeline, the storage layer, the authentication flow, the watermarking logic. If something looks wrong, you can file an issue. Or fix it yourself.

Why MIT, not AGPL

Papermark (the closest open-source alternative) uses AGPL. That means if you modify their code and deploy it — even internally — you're legally required to open-source your changes. For a startup embedding document sharing into their product, that's a non-starter. Legal teams see AGPL and kill the integration.

MIT has no such restriction. Fork CloakShare, modify it, embed it in your proprietary product, deploy it on your own servers. No strings attached. We believe the best way to build adoption is to remove friction, not add licensing anxiety.

Why API-first

DocSend is a GUI. Papermark is a GUI. PandaDoc has an API, but it's secondary to their UI-first workflow. None of them let you do this: 

$ curl -X POST https://api.cloakshare.dev/v1/links \
    -H "Authorization: Bearer ck_live_xxx" \
    -F file=@proposal.pdf \
    -F watermark=true \
    -F expires_in=7d

{"secure_url": "https://view.cloakshare.dev/s/lnk_xK9mP2"}

One API call. Secure link. Done. If you're building an LMS that shares course materials, a deal room that distributes term sheets, or an investor portal that tracks deck engagement — you need an API, not a dashboard.

We also ship an embeddable viewer as an npm package. Drop <cloak-viewer src="/deck.pdf" watermark={{email}}" email-gate> into any web app and you have a secure document viewer. No iframe, no redirect.

Why self-hostable

Healthcare companies can't send patient documents through a third-party cloud. Law firms handling merger documents need data sovereignty. Government contractors have FedRAMP requirements. For all of these, the answer is the same: run it on your own infrastructure. 

$ git clone https://github.com/cloakshare/cloakshare.git
$ cd cloakshare
$ docker compose up -d

CloakShare running on http://localhost:3000

SQLite database, local file storage, 1GB RAM. That's the entire footprint. Plug in your own S3-compatible storage (MinIO, AWS S3, Backblaze B2, Cloudflare R2) when you're ready.

The business model

Open core. The self-hosted version is free forever and includes everything: PDF rendering, office document conversion, video transcoding, watermarks, email gates, analytics, webhooks, teams, the full secure viewer.

The cloud version at cloakshare.dev adds managed infrastructure, CDN delivery, analytics dashboard, webhook retries, custom domains, email notifications, and a free tier to get started (50 links, 500 views per month).

We're not hiding features behind a paywall. We're selling convenience. If you want to run Poppler and FFmpeg on your own servers and manage your own database backups — go for it. If you'd rather upload a file and get a link back without thinking about infrastructure, that's what the cloud tier is for.

What we've built so far

  • + REST API with full CRUD for links, webhooks, teams, and analytics
  • + Node.js SDK (@cloakshare/sdk), Python SDK, Go SDK
  • + Embeddable viewer Web Component (@cloakshare/viewer)
  • + React wrapper (@cloakshare/react)
  • + PDF, Office docs, images, and video (HLS streaming)
  • + Dynamic watermarks with template variables
  • + 8 webhook events with HMAC-SHA256 signatures
  • + Docker self-hosting with SQLite and any S3-compatible storage

Get involved

The code is at github.com/cloakshare/cloakshare. Star it, fork it, open an issue, submit a PR. We label beginner-friendly issues with good first issue if you want to contribute.

Or just try it: cloakshare.dev. Upload a document, get a secure link, send it to someone. See the analytics roll in.