filelift 0.1.3

A small CLI for lifting local files to S3-compatible object storage.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

# filelift


`filelift` is a small CLI for uploading local assets to S3-compatible object
storage and printing shareable URLs.

It is designed for writing, publishing, and static-site workflows where images,
videos, and other assets should live outside the source repository.

## Goals


- Upload one file or a directory of files.
- Support Cloudflare R2, AWS S3, MinIO, and other S3-compatible services.
- Manage multiple upload targets.
- Store secrets through the operating system keyring instead of plain text.
- Print public URLs and Markdown snippets after uploads.

## Planned CLI


```bash
filelift target add r2-blog \
  --bucket eave-assets \
  --endpoint https://example.r2.cloudflarestorage.com \
  --region auto \
  --public-base-url https://assets.example.com

filelift target use r2-blog
filelift upload ./cover.webp --prefix blog/2026/my-post --markdown
filelift upload ./assets --recursive --prefix blog/2026/my-post
filelift log export --output filelift-debug-log.jsonl
```

## Target Store


Targets contain non-secret storage metadata:

The target store is saved at `~/.filelift/targets.toml`.

```toml
default_target = "r2-blog"

[targets.r2-blog]
provider = "s3"
bucket = "eave-assets"
endpoint = "https://example.r2.cloudflarestorage.com"
region = "auto"
public_base_url = "https://assets.example.com"
```

Access keys are stored separately in the system keyring:

- service: `filelift`
- account: `<target-name>:access_key_id`
- account: `<target-name>:secret_access_key`

## Diagnostic Logs


`filelift` writes encrypted diagnostic logs to `~/.filelift/logs/events.log.enc`.
The log encryption key is stored in the operating system keyring. Logs can be
exported to a readable JSONL file for troubleshooting:

```bash
filelift log export --output filelift-debug-log.jsonl
filelift log clear
```

Review exported logs before sharing them. Secrets are redacted and are never
written to the encrypted log intentionally.

## Architecture


- `cli`: command definitions and argument parsing.
- `target`: target store load/save.
- `secret`: keyring integration.
- `diagnostic_log`: encrypted diagnostic logging and export.
- `log_command`: diagnostic log command handlers.
- `target_command`: target command handlers.
- `storage`: storage provider interface.
- `storage::s3`: S3-compatible upload implementation.
- `output`: URL and Markdown formatting.

## Status


This repository is in early scaffolding. The first implementation milestone is
target management plus single and recursive uploads to S3-compatible storage.