Security

Uncompromising security. 300+ findings resolved. OpenSSF 100%. Aikido Top 5%.

AeroFTP is designed with security at every layer. From Rust's memory safety guarantees to encrypted credential storage and credential isolation for AI agents, we take your data protection seriously.

Security Architecture

Memory Safety

Built with Rust, eliminating buffer overflows, use-after-free, and data races at compile time. No garbage collector overhead, no runtime surprises.

Encrypted Vault

All credentials are stored in an AES-256-GCM encrypted vault derived with Argon2id. Passwords, API keys, and OAuth tokens never touch disk in plain text.

Credential Isolation

AI coding agents connect to servers via CLI profiles without ever seeing credentials. Tokens are resolved inside the Rust backend and never cross the process boundary.

Zero Telemetry

AeroFTP collects absolutely no data about your usage. No analytics, no crash reports, no phone-home. Your transfers stay private.

TLS & SSH

Configurable TLS modes (Explicit, Implicit, opportunistic) with certificate verification control. SSH key authentication with Ed25519, RSA, and ECDSA support.

Open Source & Audited

100% open source under GPL-3.0. Dual-reviewed by independent AI auditors (10+ specialized reviews, 90+ findings resolved). The entire codebase is on GitHub.

Self-Hosted Continuous Audit

Vendor-independent pipeline, reproducible by anyone who clones the repository

Three independent sources

We aggregate cargo audit (RustSec database), npm audit (npm registry) and osv-scanner (Google OSV). osv-scanner catches GHSA advisories that have not yet landed in RustSec, giving cross-ecosystem coverage.

Documented suppression list

Every accepted advisory lives in src-tauri/.cargo/audit.toml with an inline threat model. Reviewers (NLnet, OpenSSF, supply-chain auditors) can audit each rationale and push back specifically. No blanket ignores.

Reviewers can verify, not just trust

Anyone can clone the repository, run npm run security:report, and produce the same numbers. There is no "trust me, the dashboard says zero" step. The HTML output ships in the repo as public evidence.

No vendor lock-in

The pipeline is GPL-3.0 like the rest of AeroFTP and runs against open advisory databases. If any vendor ends a free tier, gates a feature or rate-limits APIs, the audit results stay reproducible from the repository alone.

Monthly results
MonthVersionOpenSuppressed (justified)Report
May 2026v3.7.5025HTML

For the full reference (suppression list with rationale, historical archive, tooling choices) see docs.aeroftp.app/security/continuous-audit.