We at Centro Labs recently built and released ObjeX, our own self-hosted S3-compatible blob storage.
It isn't the flashiest thing we've shipped, but it's the piece of infrastructure the rest of our stack now sits on top of. Here's why we built it and what it took to get there.

In May 2025, MinIO stripped the admin console from their community edition. In October, they stopped distributing binaries and Docker images entirely. By December, the project entered "maintenance mode." In February 2026, the minio/minio repository was archived. Read-only. No PRs, no issues, no contributions. A project with 60k stars and over a billion Docker pulls became a digital tombstone. If you want the full story, How MinIO went from open source darling to cautionary tale covers the timeline well.

We'd been running MinIO for everything. Side projects, internal tools, homelab. It was the default answer to "where do I put files?" and it worked great. Then it didn't.

We'd already been thinking about something simpler. MinIO was always distributed storage. Erasure coding, multi-node clusters, enterprise features. We never needed any of that. We just needed a place to put files on a single server with an S3 API in front of it.

So we built ObjeX.

What is ObjeX

Self-hosted blob storage with an S3-compatible API. One binary, one SQLite file, no external services required. No Redis, no Kafka, no separate database server. Point any S3 client at it (aws-cli, boto3, rclone) and it works.

ObjeX implements the S3 operations that most clients actually use: bucket CRUD, object CRUD, multipart upload, presigned URLs, batch delete, server-side copy. Operations like versioning, lifecycle policies, and bucket ACLs return 501 Not Implemented for now. They're on the roadmap, but we're not going to list them as features before they exist.

Get started in one command:

docker run -d -p 9001:9001 -p 9000:9000 -v objex-data:/data ghcr.io/centrolabs/objex:latest

Open http://localhost:9001, log in with admin / admin, and you have a working blob storage with a management UI. For production setups with environment variables and volume configuration, grab the docker-compose.yml from the repo.

What's under the hood

.NET 10 with a Blazor Server UI. A single process serves both the S3 API (port 9000) and the web interface (port 9001). No separate frontend deployment, no build step.

The storage layer hashes every object key with SHA256 and places the blob in a 2-level directory tree (65,536 subdirectories). The logical key never touches the filesystem, which makes path traversal attacks structurally impossible.

Uploads are atomic. Write to a temp file, then File.Move. If the process crashes mid-upload, the incomplete write is cleaned up on next startup.

S3 Compatibility

AWS Signature V4 was the hardest part. Canonical requests, HMAC key derivation chains, timestamp freshness checks, payload hash verification. We implemented it from scratch and verified it against aws-cli.

ObjeX currently serves as the S3 backend for our Outline and Memos instances. Both use presigned URLs and server-side uploads through the standard AWS SDKs, no special configuration needed.

What's supported: bucket CRUD, object CRUD, multipart upload (5GB+), presigned URLs (GET and PUT), batch delete, server-side copy, ListObjectsV2 with prefix and delimiter, Range requests, custom metadata via x-amz-meta-*, and S3 POST Object for browser-based uploads.

What ships with v1

Storage and API. SQLite by default, PostgreSQL as opt-in for larger deployments. Dual auth with cookie sessions for the web UI and AWS SigV4 for S3 clients on separate ports. Storage quotas per user and globally. ETag integrity verification on read (opt-in, zero overhead by default).

Operations. Audit log for every mutation with user, action, and timestamp. Prometheus metrics at /metrics with per-bucket storage gauges. Helm chart for Kubernetes. Multi-arch Docker image (amd64 and arm64).

UI. Blazor Server dashboard with storage analytics, virtual folder navigation, drag-and-drop upload, dark mode, and inline previews for images and PDFs. Role-based access with Admin, Manager, and User roles.

The codebase has 113 automated tests covering S3 operations, auth boundaries, path traversal, storage quotas, multipart upload, and data integrity. CI runs them on every push.

What's next

• Webhook notifications. POST to a configured URL on uploads and deletes so you can trigger pipelines and integrations.
• Object tags. Key-value tags on objects with filtering and search across buckets.
• Per-bucket ACLs. Read, write, and delete permissions per user per bucket.
• SSO / OIDC. Login with GitHub, Google, or any OIDC provider instead of local accounts.
• Encryption at rest. Encrypt blobs on disk with per-bucket or global key management.

Try it

ObjeX is built by CentroLabs, a two-person studio out of Zurich. It's open source under the MIT license. Source, Docker image, and Helm chart are all on GitHub.

If something is missing or broken, open an issue. We want to know which S3 operations people actually need so we can prioritize the right things.