Esta página se muestra en inglés. Una traducción al español está en curso.
ConfigsApr 10, 2026·3 min de lectura

Ente — End-to-End Encrypted Photo Storage & 2FA

Ente provides end-to-end encrypted photo backup and 2FA authenticator. Zero-knowledge architecture — only you can see your data, even Ente cannot access it.

AI Open Source
AI Open Source · Community
Introducción

Ente is an end-to-end encrypted cloud platform providing two core products: Ente Photos (Google Photos alternative) and Ente Auth (Authy/Google Authenticator alternative). Built with a zero-knowledge architecture, Ente ensures that only you can access your photos and 2FA tokens — not even Ente's servers can decrypt your data.

With 25.9K+ GitHub stars and AGPL-3.0 license, Ente has become the go-to choice for privacy-conscious users who want cloud backup with genuine end-to-end encryption, not just at-rest encryption.

What Ente Does

Ente Photos

  • E2E Encrypted Backup: All photos and videos encrypted before leaving your device
  • Cross-Platform: Native apps for iOS, Android, macOS, Windows, Linux, and web
  • AI Search: On-device ML for face recognition and object search (runs locally, not on server)
  • Shared Albums: Share albums with family with E2E encryption maintained
  • Memories: "On this day" flashbacks
  • Archive & Trash: 30-day trash with recovery
  • Map View: View photos by location
  • Deduplication: Automatic duplicate detection

Ente Auth (2FA)

  • E2E Encrypted 2FA: TOTP tokens encrypted and synced across devices
  • Import: From Google Authenticator, Authy, Bitwarden, and more
  • Offline Access: Works without internet once synced
  • Cross-Platform: iOS, Android, macOS, Windows, Linux, web

Architecture

┌──────────────┐     ┌──────────────┐     ┌──────────────┐
│ Client Apps  │────▶│  Ente Server │────▶│  PostgreSQL  │
│ (Flutter/Web)│     │  (Go)        │     │  (Metadata)  │
│ E2E Encrypt  │     └──────┬───────┘     └──────────────┘
│ on device    │            │
└──────────────┘     ┌──────┴───────┐
                     │  MinIO / S3  │
                     │  (Encrypted  │
                     │   Blobs)     │
                     └──────────────┘

Key: Encryption/decryption happens entirely on the client. The server only stores encrypted blobs it cannot read.

Self-Hosting

Docker Compose

services:
  museum:
    image: ghcr.io/ente-io/server:latest
    ports:
      - "8080:8080"
    environment:
      ENTE_DB_HOST: postgres
      ENTE_DB_PORT: 5432
      ENTE_DB_NAME: ente
      ENTE_DB_USER: ente
      ENTE_DB_PASSWORD: ente
    depends_on:
      - postgres
      - minio
    volumes:
      - ./museum.yaml:/museum.yaml:ro

  postgres:
    image: postgres:16-alpine
    environment:
      POSTGRES_USER: ente
      POSTGRES_PASSWORD: ente
      POSTGRES_DB: ente
    volumes:
      - pg-data:/var/lib/postgresql/data

  minio:
    image: minio/minio
    command: server /data --console-address ":9001"
    environment:
      MINIO_ROOT_USER: minioadmin
      MINIO_ROOT_PASSWORD: minioadmin
    volumes:
      - minio-data:/data

volumes:
  pg-data:
  minio-data:

Zero-Knowledge Encryption

Your Device                      Server
─────────                        ──────
Generate key from password
        │
Encrypt photos with key
        │
Upload encrypted blob ──────▶ Store encrypted blob
                               (cannot decrypt)
        │
Download encrypted blob ◀────── Send encrypted blob
        │
Decrypt with key
        │
View photos
  • Master key derived from your password (never transmitted)
  • Each file encrypted with unique key
  • File keys encrypted with master key
  • Server stores only ciphertext

Ente vs Alternatives

Feature Ente Google Photos iCloud Immich
E2E Encrypted Yes (zero-knowledge) No Advanced Data Protection No
Open Source Yes (AGPL-3.0) No No Yes (AGPL)
Self-hosted Yes No No Yes
2FA App Built-in (Ente Auth) No No No
On-device ML Yes Server-side Server-side Server-side
Cross-platform All platforms All platforms Apple only All platforms

FAQ

Q: Ente or Immich? A: If privacy and encryption matter most, choose Ente (end-to-end encrypted — even a compromised server can't read your photos). If you care more about feature richness and AI search, choose Immich (more powerful server-side ML search, but you must trust the server).

Q: Can self-hosted Ente Auth replace Google Authenticator? A: Absolutely. Ente Auth imports from Google Authenticator and provides encrypted cloud backup and multi-device sync — features Google Authenticator lacks.

Q: Self-hosted storage costs? A: Storage capacity in the self-hosted version depends on your MinIO/S3 setup. You can use local disks or any S3-compatible object store. The official cloud service starts at $1.99/month for 10GB.

🙏

Fuente y agradecimientos

Discusión

Inicia sesión para unirte a la discusión.
Aún no hay comentarios. Sé el primero en compartir tus ideas.

Activos relacionados

Mathesar — Open-Source Database Interface for PostgreSQL

Mathesar is a self-hosted web application that provides a spreadsheet-like interface for PostgreSQL databases, letting non-technical users browse, query, and manage data without writing SQL.

AI Open Source

Livebook — Interactive Notebooks for Elixir

Livebook is an open-source web application for writing interactive and collaborative code notebooks in Elixir, featuring real-time collaboration, smart cells for databases and charts, and seamless integration with the BEAM ecosystem.

AI Open Source

Nango — Open-Source Platform for Product API Integrations

Nango is an open-source unified API platform that handles OAuth flows, token refresh, rate limiting, and data syncing for 250+ third-party APIs so developers can ship product integrations faster.

AI Open Source
Inicio🔍Buscar👤Yo