Why Storm Developments Bets on Garage S3 Storage
Canadian organizations can store data in Canada. But choosing who operates it, on what hardware, with full visibility into the stack? That's a different problem - and there's no real solution for it today.
S3-compatible object storage built for developers, on Canadian-owned infrastructure, with the kind of control that actually means something? That gap is real.
Garage fills it. It's a self-hosted, S3-compatible object storage server - open source, written in Rust, built to run on commodity hardware across multiple physical locations. Storm Developments is building on top of it to change what Canadian cloud storage looks like.
Good for your business. Good for your data. Here's why we made that call.
Data sovereignty means choosing where your data lives
For Canadian organizations handling sensitive data, jurisdictional control has become a real requirement - not a preference. PIPEDA, provincial privacy law, and an increasing awareness of where data actually lives are driving that.
Garage makes a different model possible. Because it's self-hosted, you choose the hardware. You choose the location. You choose the operator. The data lives where you put it, under the laws of the jurisdiction you pick, managed by people accountable to you.
No master node. No single point of failure.
Every node in a Garage cluster is equivalent. There is no leader election, no consensus protocol, no special node that takes everything down with it. Resilience comes from replication across zones - not from premium infrastructure.
That's what we're building Storm Developments on. Canadian hardware, Canadian operator, no ambiguity about where your data is or who has access to it. And for the first time, Canadian organizations can get S3 storage on their own dedicated hardware - not a shared pool somewhere in a data centre they've never seen.
The economics actually work
Running S3-compatible storage on enterprise hardware is expensive. Redundant power, low-latency links, specialized storage infrastructure - the cost only makes sense at hyperscaler scale. That's why the big providers can do it and most Canadian companies can't.
Garage was designed around a different model. Resilience through geographical redundancy on commodity hardware. Multiple nodes in different locations, each running on a standard VPS, replicating data across zones automatically. No special hardware. No enterprise contracts. Just servers and Garage.
Designed for small operators, not data centres.
Enterprise resilience typically requires RAID, redundant power, and low-latency links — costs that only make sense at data centre scale. Garage gets you the same resilience through geographical redundancy on commodity hardware instead.
For Storm Developments, that means we can operate Canadian S3 storage at a price point that actually makes sense - and pass that along. Three nodes in three Canadian locations gives us the redundancy that would otherwise require infrastructure most small operators couldn't afford.
Open source sustainability
Garage is open source - AGPL licensed, developed in the open by Deuxfleurs, a French hosting cooperative that has run it in production since 2020. It has received public funding from the European Union's NGI programme multiple times, which speaks to its credibility as serious infrastructure software — not a weekend project.
Garage is entirely free software released under the terms of the AGPLv3. The code is public. The protocol is open. The operator is accountable.
For us, that matters beyond ideology. When you're building infrastructure products, you need to be able to read what you're running. Auditable code means you can verify the behaviour, not just trust a vendor's documentation. It means security researchers can find problems before they find you. It means the software isn't going anywhere because a company decided to pivot.
It also means no lock-in. Garage implements the S3 protocol - the same one every other storage tool already speaks. If something better comes along, or if our needs change, we're not trapped. The data stays S3-compatible regardless.
What we have built
This is not a roadmap post. We are already running Garage in production.
We built Storm Pulse - a secure server management agent that monitors and manages our infrastructure. Zero open ports, mutual TLS, HMAC-signed commands. It runs on every server we operate.
On top of it, we built a management layer that talks to Garage directly. From our internal dashboard we can see every node in the cluster, every bucket, every key - and manage all of it without touching a terminal.
Bucket and key management through Storm Pulse.
Creating a bucket, generating an API key, linking permissions - all from a web UI, all routed securely through Storm Pulse to the Garage agent running on Canadian hardware. The secret key is shown once and never stored. The code that does this is fully open.
Storm Pulse is MIT licensed. The agent running on your server is always auditable. Read the full Security Architecture.
Where we go from here
Garage solves real problems. Not hypothetical ones - the actual problem of running reliable, affordable object storage without handing control to someone else.
Open source is how digital sovereignty actually works in practice. Auditable code, controllable infrastructure, no black boxes. You can read what's running on your server. You can verify it does what it claims. You can fork it if you need to. That's the foundation.
Storm Developments is building on that foundation. Garage is our storage layer. Storm Pulse is how we manage the infrastructure. What comes next is making it accessible to Canadian organizations who want the same guarantees without having to build it themselves.
That work is underway. Follow along at stormdevelopments.ca.