I have a CLI tool that generates internal reports and I needed a way to share them with a coworker who doesn't use our internal storage. I didn't want to email PDFs (audit trail), Slack files (search history forever), or spin up presigned S3 URLs (configurable, but I'd be the auth boundary). What I actually wanted: a one-liner in my CLI that hands the user back a URL, where the file is encrypted client-side, the server sees ciphertext only, and the link expires on its own. This post is the walkthrough of how I built that against anon.li's Drop API . It's about 150 lines of Node, no dependencies beyond node:crypto . By the end you'll have a script you can drop into any CLI tool to add E2EE file sharing. The shape of the thing Drop's upload flow has four steps: Create a drop β POST to /api/v1/drop with metadata (IV, file count, expiry). Get back a drop_id . Add a file β POST to /api/v1/drop/:id/file with the encrypted file's metadata. Get back a fileId and presigned upload URLs (one per chunk).β¦
