Send files to your cloud. Two letters. Done.

A two-letter CLI with one job: put files in, pull them out — against the cloud target you configured. No sync daemon. No mount point. No surprises.

Get started Source on GitHub →

$ zz z profile passphrase (local): unlocked · work-nc · nextcloud.zz-drop.net/zz-drop $ zz notes.md uploaded notes.md 4.1 KiB → work-nc · nextcloud.zz-drop.net/zz-drop $ zz sx slides.pdf uploaded slides.pdf 38.2 MiB (62% compressed) → work-nc · nextcloud.zz-drop.net/zz-drop $ zz d backup-2026-05.tar.zst downloaded backup-2026-05.tar.zst 184 MiB ← work-nc · nextcloud.zz-drop.net/zz-drop $

// principles

Three things, on purpose.

Privacy by design

Profiles are encrypted client-side. Your passphrase never leaves your device. No telemetry, no analytics, no IP or user-agent logs tied to profiles.

Left-hand UX

One command. No flags to remember. No decisions at runtime. Configure a profile once; afterwards it's just zz file.

Scoped, not scope-creep

No sync. No mount. No public share links. No remote file manager. v1 ships file in, file out — that's the contract.

// install

Pick the package manager you already trust.

# macOS · Homebrew tap (preferred) — completions + zz shorthand included

brew install zz-drop/zz-drop/zz-drop

# Linux & WSL · signed binaries via curl-installer (preferred)

curl -fsSL https://github.com/zz-drop/zz-drop/releases/latest/download/zz-drop-installer.sh | sh

# Build from source · power-user escape valve

git clone https://github.com/zz-drop/zz-drop && cd zz-drop && cargo build --release --workspace

No package needs root. Verify release artifacts with minisign →

Upgrade: re-run the same one-liner. brew upgrade zz-drop/zz-drop/zz-drop for the brew path; the curl-installer is idempotent — it overwrites ~/.local/bin in place and refreshes completions via zz --setup-completions.

// destinations

Four providers in v1. One more on deck.

Nextcloud WebDAV · self-hosted or managed · login flow

Google Drive OAuth device flow · scope drive.file

OneDrive OAuth device flow · Microsoft Graph · own client_id for strict business tenants

Dropbox OAuth paste-code · App folder sandbox

Proton Drive v1.1

// not to be confused with

What zz-drop isn't.

Tool	What it does	What zz-drop does instead
rclone	Mount, sync, mirror	Single-shot file transfer
croc	P2P with relay	Cloud destination via OAuth
scp / rsync	Server-to-server over SSH	Cloud-provider native APIs

// crypto, briefly

Built honestly. Documented plainly.

Profile encrypted client-side with XChaCha20-Poly1305
Argon2id KDF with parameter rotation
Open source — MIT OR Apache-2.0
Scriptable — --json output, stable exit codes
Signed releases (minisign) for every artifact
File content E2EE — on the v1.1 roadmap

Read the threat model →