A while back I got fed up with the same annoying loop every time I switched machines: install a storage client, paste in my Access Key + Secret Key again, re-set my bucket connections, repeat. Cyberduck, Mountain Duck, rclone — they're all great, but every single one makes you redo setup from scratch on every new device.
So I built GhostDesk — a desktop app for browsing, uploading, sharing, and locking files on storage you actually own (R2, S3, Spaces, B2, MinIO, or any S3-compatible provider). It doesn't host your files — they stay in your own bucket.
The part I actually care about: your credentials are encrypted locally (AES-256-GCM, PBKDF2 key derivation) before they ever sync, plus a 12-word recovery phrase if you lose your password — similar to how crypto wallets handle seed phrases. Log into your account on a new machine and your encrypted keys unlock right there. No copy-pasting secret keys ever again. The crypto module is open source so anyone can audit it.
Where I'm at:
What I'm genuinely unsure about: whether "no re-setup on a new machine" is actually strong enough for someone to switch away from free tools like Cyberduck or rclone, or if it's a nice-to-have nobody will pay for.
If you manage your own R2 or S3 buckets and have ever been annoyed re-entering keys on a new laptop — brutal feedback welcome, that's more useful to me right now than compliments.
GhostDesk is free
https://ghostdeskapp.com/
https://apps.microsoft.com/detail/9NXPFFPGV59W
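One way the pieces named in the post (AES-256-GCM, PBKDF2, a recovery phrase) can fit together, as an added example that is not GhostDesk's code and is not taken from its crypto module. The envelope layout, the iteration count, the AAD labels and every function and field name are assumptions; the credentials and phrase are constructed sample values.

```javascript
// Added illustration only: names, work factor and blob layout are assumptions.
const crypto = require('node:crypto');

const PBKDF2_ITERATIONS = 600000; // assumed work factor; the post does not state one
// Constructed sample inputs (not real credentials, not a real recovery phrase).
const SAMPLE_CREDS = { accessKeyId: 'EXAMPLE_ACCESS_KEY_ID', secretAccessKey: 'example-secret-value' };
const SAMPLE_PHRASE = 'alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima';

// Derive a 256-bit key-encryption key from a password or recovery phrase.
function deriveKey(secret, salt) {
  return crypto.pbkdf2Sync(secret.normalize('NFKD'), salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// AES-256-GCM with a fresh 96-bit nonce; `aad` binds the ciphertext to its role.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function open(key, box, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAAD(Buffer.from(aad));
  decipher.setAuthTag(box.tag);
  // final() throws when the key is wrong or any byte was modified.
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// Encrypt the credentials under a random data key, then wrap that key twice:
// once under the password, once under the recovery phrase. Only this blob syncs.
function createVault(password, recoveryPhrase, credentials) {
  const dataKey = crypto.randomBytes(32);
  const pwSalt = crypto.randomBytes(16);
  const rpSalt = crypto.randomBytes(16);
  return {
    pwSalt,
    rpSalt,
    wrappedByPassword: seal(deriveKey(password, pwSalt), dataKey, 'wrap:password'),
    wrappedByPhrase: seal(deriveKey(recoveryPhrase, rpSalt), dataKey, 'wrap:recovery'),
    body: seal(dataKey, Buffer.from(JSON.stringify(credentials)), 'vault:body'),
  };
}

// Unlock with either secret; `via` is 'password' or 'recovery'.
function unlockVault(vault, secret, via) {
  const [salt, wrapped] = via === 'password'
    ? [vault.pwSalt, vault.wrappedByPassword]
    : [vault.rpSalt, vault.wrappedByPhrase];
  const dataKey = open(deriveKey(secret, salt), wrapped, 'wrap:' + via);
  return JSON.parse(open(dataKey, vault.body, 'vault:body').toString('utf8'));
}
```

In this layout a password change only re-wraps the data key, and anything a sync server stores is ciphertext whose strength against offline guessing depends on the password and the PBKDF2 work factor.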
For a solo dev, no re-setup is a nice-to-have, but the paid product is hiding in your security paragraph. Encrypted credential sync with audit and recovery is a team and compliance story, and the teams or MSPs managing buckets for clients will pay for that, while individuals on free Cyberduck never will. I ran a Microsoft MSP for years: the buyer is whoever has to answer 'where are our access keys and who can see them,' so reposition around secure credential management for teams and make the Cloudflare relationship your first channel, not generic marketing.
This is a real pain point, but the honest filter is: you’re competing against “good enough + free + already installed”, which is a brutal baseline.
Right now Cyberduck / rclone / S3 tools aren’t winning because they’re smooth — they’re winning because people only feel the pain of setup when they switch machines, and that’s not frequent enough to trigger payment for most users. So “no re-setup” is valuable, but it’s still a rare pain, not a daily one.
Where this could become strong enough to pay for is if you widen the value beyond migration/setup friction into ongoing workflow: faster switching between buckets, team sharing, permission control, audit history, or making S3 feel like a real desktop filesystem people interact with daily, not just a config tool.
The encryption + recovery phrase angle is interesting, but also adds cognitive weight — most S3 users don’t think in crypto terms, they think in “I just need my files to work everywhere.”
So the real question isn’t “is this useful” — it is. It’s “is this frequent enough pain to justify a new daily tool, or just a better feature inside existing ones?”
Right now it reads closer to a quality-of-life upgrade for power users, not a must-have switch yet — which means distribution or workflow expansion will matter more than the setup improvement itself.
Worth clarifying: GhostDesk is free, so the bar isn't
"justify a new paid tool" — it's "is it better enough
that someone switches from what they already have."
But your framing still lands. "Rare pain" means low
daily engagement, which means low word-of-mouth, which
means distribution is the real problem regardless of
pricing.
The "daily tool" angle you mentioned — faster bucket
switching, audit history, making S3 feel like a real
filesystem — that's genuinely a different product than
what I built. I built for the setup moment. You're
describing something people open every day.
Not sure yet which one I'm actually building. This
thread is helping me figure that out.
The most interesting part isn't the $10k in Cloudflare credits—it's that you built a developer tool in a space where most people would assume "Cloudflare already has a dashboard, why would anyone pay for this?"
That's usually a good sign. If users are willing to pay for a better workflow around an existing platform, you've probably found a real pain point rather than a feature request.
Congrats on the credits — that’s real validation. Curious what your retention looks like past week one for users who installed it. With dev tools, install numbers can be misleading since a lot of people try-and-forget; the ones who come back daily are the signal worth tracking closely.
Honest answer: I don't have retention data yet because I don't
have users yet. This post is literally day one of trying to find
the first ones.
Zero installs from strangers so far — just me using it daily,
which is probably the most biased retention signal possible.
That's the number I'm trying to get to next.
My impression is that "no re-setup" is a nice-to-have because the pain is too rare to make people leave a free tool. The bigger issue is recall, they won't remember you exist at the one moment they'd need you. So I'd show up where people already are while setting up (Cloudflare onboarding, R2 docs) rather than general subreddits. And the encrypted-keys angle is the stronger story, "stop pasting secret keys everywhere" is worth paying for, and in my opinion "save two minutes" isn't.
One thing worth clarifying for context: GhostDesk is free.
So the bar isn't "is it worth paying for" — it's just whether
the experience is better enough that someone would switch from
what they already have.
Right, free changes it. With no purchase decision the whole game is discovery plus the trigger to switch, so the move is catching people right when they're setting up a new machine. That's the only moment the pain and your pitch both land. The encryption angle is still what earns the switch, it's the reason to bother installing something new over the tool they already know.
That's the clearest it's been stated. Discovery at setup moment,
encryption as the reason to switch — not the other way around.
Cloudflare docs and onboarding is next. Appreciate you pushing
on this.
Good luck with it. Go get those Cloudflare devs.
Love that you're posting the messy middle, not just the wins. The boring execution is where the real product gets made. What was the hardest part of this one that didn't make the screenshot?
The hardest part that didn't make the screenshot:
figuring out if I'm building a real product or just
a personal tool I happen to have published.
Still not sure.
Honest take on your core question: "no re-setup on a new machine" is real but it's a convenience win, and convenience alone rarely makes people leave a free tool they've already configured. The thing that could make it a switch-worthy product is the security angle you almost buried — local AES-256-GCM encryption of credentials with an auditable open-source crypto module is a genuinely different value prop from Cyberduck/rclone, especially for anyone handling client buckets or working in a team. "Stop pasting secret keys into yet another tool" is a security story, not just a convenience one, and security is something people actually pay for.
So I'd flip the positioning: lead with "your S3 keys, encrypted locally, never re-pasted" rather than "no re-setup." Same feature, but one frames it as saving 2 minutes and the other frames it as reducing the risk of leaked credentials.
One question back: who feels the key-leakage pain most? Solo devs probably tolerate the friction. But agencies/teams juggling multiple clients' buckets might pay to never have plaintext keys floating around. Might be worth talking to a few of those before Mac dev eats your next month.
(Also — running on Cloudflare myself, the R2 credits from their startup program are no joke. Congrats on getting in.)
"Your S3 keys, encrypted locally, never re-pasted" vs
"no re-setup" — same feature, completely different story.
That's the reframe I needed.
Worth noting: GhostDesk is free, so the "pay for security"
angle shifts to "trust it with your keys" — but the security
lead still makes more sense than a convenience lead regardless
of pricing.
The agencies/teams angle is interesting. I built it for
solo pain but you're right that key leakage is a bigger
problem when multiple people are touching the same buckets.
That's a conversation I haven't had yet. Going to before
Mac dev takes over.
The $0-marketing stage is the hardest part, way harder than the building. I'm right there too. What's actually moved the needle for you so far? Has anything beaten just showing up in communities and DMing people directly? Curious what's working vs what felt like a waste of time.
Honest answer: this post is the first thing I've done.
Posted today, $0 spent, haven't touched Reddit or anywhere else yet.
So I can't tell you what works vs what's a waste —
I'm figuring that out in real time, same as you.
What I can say is this thread has given me more useful
product feedback in a few hours than months of building alone.
What are you building?
Haha love that we're running the same experiment live. And honestly you posting and getting feedback in hours instead of polishing in silence IS the move. That's the thing I wasted months not doing.
What I'm building: a Next.js + Supabase SaaS starter, all the boring infra (auth, row-level security, payments, image handling, GDPR) wired together so you can skip straight to your actual product. Solo, about a month in. There's a live demo too, happy to drop the link if you want a look (can't post links yet, new account 😅).
Your turn: what'd you post today, what are you making? And if you're building on Next/Supabase, I'll just hand you a free copy, no strings. Might save you the month I burned.
The reframe from "storage client" to "credential sync across machines" is the right one — those are two completely different products with different buyers and different search intent. Someone looking for a storage client is already happy with Cyberduck. Someone who just spent 20 minutes re-pasting keys on a new machine is actively annoyed and looking for a fix right now. The second person converts; the first doesn't. The Cloudflare acceptance is actually a distribution signal too — their developer community and docs are a higher-intent channel than most subreddits for this specific pain.
"Actively annoyed right now" vs "generally open to better tools"
is the whole distribution strategy in one sentence.
The Cloudflare docs angle keeps coming up in this thread —
multiple people pointing at the same channel independently
is hard to ignore. That's next.
I didn't know this was possible, incredible
$10k credits is a great problem to have — the $0 marketing part is the familiar wall. For dev tools like this, what's worked for others: show up in threads where people already complain about S3/R2 workflows (r/selfhosted, r/webdev, r/aws) — answer the pain, link last or never.
The tedious bit is finding those threads daily, not writing the reply. What's your ICP — indie devs, agencies, or teams already on Cloudflare?
The Reddit angle is exactly what I've been told and haven't done yet —
the hard part is showing up consistently, not crafting the reply.
Working on that.
ICP: honestly still sharpening this, but my best guess right now is
solo devs and indie builders who manage their own R2/S3 buckets and
jump between machines. Not agencies or teams yet — the sync-encrypted-
keys feature solves a personal workflow pain more than an org-level one.
Does that feel too narrow to build around, or is that actually the
right place to start?
Not too narrow — for dev tools, "solo devs managing their own R2/S3 across machines" is usually better than "everyone who uses cloud storage." Specific pain = specific threads = higher intent.
Where I'd look: r/selfhosted, r/webdev, r/cloudflare, r/aws, r/devops — search for "R2", "S3 workflow", "sync credentials", "multi-machine dev setup", not "desktop client."
The hard part is the same as you said: doing that hunt consistently at $0 marketing. Reply in those threads is 5 min; finding them is the hour.
If you want, I can hand-build a sample list for GhostDesk's ICP (solo devs + R2/S3) — recent threads + reply drafts. Free, same as I offered koranthorne. Just say the word.
That breakdown is exactly what I needed — "sync credentials" and
"multi-machine dev setup" are much better search terms than
"desktop client", I wouldn't have thought to frame it that way.
And yes please on the sample list, that would be genuinely helpful.
Appreciate you offering that.
On it — same format as above. Send me GhostDesk's one-liner + confirm subs (thinking r/selfhosted, r/webdev, r/cloudflare, r/aws) and I'll have your sample list in ~24h.
On it.
One-liner: GhostDesk is a desktop client for your own R2/S3 storage
— credentials encrypted and synced, so logging in on a new machine
unlocks everything instantly, no re-pasting keys.
Subreddits look right to me. r/cloudflare and r/selfhosted feel like
the highest intent — I'd add r/devops if you think it fits.
ghostdeskapp.com for context.
Sample list ready:
https://threadscout-theta.vercel.app/feed/173fed6f-4486-4436-be29-fc7f426a57cf
What you'll see:
• 2 threads from today's automated scan of r/selfhosted (passed the 6/10 bar)
• 2 threads at the bottom I manually added — both S3-related posts I thought might fit. Gemini scored them 2/10 anyway.
That last part is actually the point: "S3" in the title ≠ your ICP (R2 credential sync across machines). A dumb keyword alert would have pushed you to reply to a file-sharing tool thread and a OneDrive-on-Linux thread — exactly the kind of engagement that gets you flagged as spam. The scorer filtered them out even though I tried to force them in.
r/selfhosted is mostly homelab/hobbyist content, not where solo devs describe R2 credential pain. I also searched r/cloudflare + r/webdev for fresh threads — almost everything relevant is 8+ months old. So this sample is thin, but it's real, not padded with junk.
If 1–2 of the top threads feel worth replying to, the daily version is $39/mo. If not, tell me what's off — wrong subs, wrong pain, drafts too salesy — and I'll adjust (probably tighter on r/cloudflare + r/webdev once there's fresh activity).
Curious if the scoring matches your gut on what's actually worth your time.
This is more useful than the list itself — the insight that
r/selfhosted skews homelab and the relevant threads on r/cloudflare
are mostly stale is exactly what I needed to know before wasting
time on the wrong channels.
Going to work through the sample manually first and see if the
scoring matches what I'd actually reply to. If the signal stays
thin I'll reconsider — but at zero revenue right now $39/mo needs
to prove itself against just searching myself with better terms.
Genuinely appreciate the free sample, this saved me a few weeks
of figuring that out the hard way.
Makes sense to test manually first — that's the whole point of the sample.
When you've clicked through: which threads felt right vs noise? Even "both wrong" is useful — tells me whether r/selfhosted was the wrong hunt for R2 credential pain, and whether a tighter pass on r/cloudflare + r/webdev would be worth running.
If the scoring direction feels useful after you've looked, I do a founder intro — $19 for the first month, then $39/mo if it's still beating manual hunting.
No pressure either way; feedback on the sample matters more to me right now.
The thing that stood out to me is that the post starts as a storage client and ends up spending most of its time talking about setup.
Not uploads.
Not downloads.
Not file management.
Just the annoyance of having to rebuild the same environment every time you switch machines.
That feels like a very specific frustration, which is usually where interesting products come from.
Yeah, that's exactly it — and honestly I didn't fully realize that was
the core pitch until I was writing the post.
I kept describing it as a "storage client" but what actually drove me
to build it was that specific moment of sitting down at a new machine
and having to dig up credentials again. The file management part was
almost an afterthought.
Still figuring out if that's a big enough pain point for enough people
to build a real product around, but posts like this help me get clearer
on what I'm actually building. Appreciate it.
Possibly.
I'd just be careful that clarity and confidence can sometimes arrive at different speeds.
A founder can become much clearer about what they're building before they've earned the right to feel confident that's what the market is actually hiring it for.
That's the part I'd keep watching.
That's a fair and useful distinction. I have clarity, not validation.
The honest answer is I don't know yet if the market hires it for
the reason I built it — that's exactly what I'm trying to find out
right now, hence the post.
That's the part I'm watching too.
That's a healthy place to be.
The thing I'd probably watch is whether the first evidence you get ends up answering the question you think you're asking.
Sometimes founders go looking for validation and accidentally end up validating a different story than the one they're trying to test.