R2GO v1.0

Bring Cloudflare R2 storage to your iPhone & iPad with the simplicity of the Photos app.

Fancy a TestFlight?

What you can do

Secure credentials

Keys live only in Keychain. Never transmitted to anyone but Cloudflare.

Thumbnail grid

Browse buckets in a blazing-fast photo grid with GIF, WebP & video preview.

Full-screen preview

Inspect, rename, move or delete objects with a tap.

Upload from Photos

Add new images straight from your camera roll or Share sheet.

Live usage stats

Track bucket size and Class A/B operations in real time.

Dark-mode & Dynamic Type

Looks great in light or dark, adapts to your preferred text size.

Documentation: Getting Your R2 Credentials

R2GO connects directly to your Cloudflare R2 account. Follow these steps to generate the credentials required for sign-in.

1. Generate an Access Key / Secret

Sign in to the Cloudflare Dashboard.
Navigate to R2 → Manage R2 API Tokens.
Click Create API Token and choose the R2 Full Access template.
Name the token (e.g., R2GO-iPhone) and hit Create.
Copy the Access Key ID and Secret Access Key—you'll paste them in the app.

2. Locate your Account ID

In the dashboard, your Account ID appears at the top-right of any R2 settings page. It's a 32-character hexadecimal string.

3. (Optional) Analytics Token

If you'd like live bucket-usage charts inside R2GO:

Create a second API token with the Analytics Read template.
Scope it to Account → your account → Analytics Read.
Copy the token and paste it into the Analytics field in R2GO Settings.

4. Security Tips

Use unique tokens for each device—revoke them anytime from the Cloudflare dashboard.
R2GO stores credentials securely in the iOS Keychain and never transmits them anywhere except Cloudflare.
You can delete all local credentials via Settings → Log Out & Reset.

Introduction

R2GO is an iOS/iPadOS application that lets you browse and manage your own Cloudflare R2 buckets. The app is entirely client-side: all networking happens directly between your device and Cloudflare's R2 endpoints. The developer (Ben Ravetta / R2GO) does not operate any servers that receive, proxy, or store your data.

What information the app handles

A. User-entered credentials

Cloudflare R2 Access Key ID

Secret Access Key

Account ID

(Optional) Analytics GraphQL token

Where stored Securely in Apple Keychain on-device.
Shared Only with Cloudflare's R2 servers when you perform an action (list, upload, delete, etc.). Credentials are never transmitted to the developer.

B. Bucket object data

The app shows file names, sizes, thumbnails, and metadata that already exist in your bucket. That data is visible only to you in the app UI; it is not transmitted elsewhere.

C. Thumbnail cache

Small thumbnail images are cached on your device's disk/memory to speed up browsing. You can clear this cache at any time in Settings.

D. Photos / Files you choose to upload

Images you pick with the system photo picker or share sheet are uploaded directly to the R2 bucket you select. No copy is sent to any third party other than Cloudflare.

E. Face ID / Touch ID (optional)

If you enable the "Require Face ID / Touch ID" toggle, the app uses Apple's Local Authentication framework solely to lock or unlock R2GO. Your biometric data never leaves the Secure Enclave and is not accessible to the app.

F. Analytics

R2GO does not collect analytics or usage statistics. The optional Cloudflare Analytics token you may provide is used only to fetch your own R2 usage numbers from Cloudflare.

Security practices

All network traffic uses HTTPS/TLS 1.2+.

Credentials are stored with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, preventing iCloud backup and restricting access to the current device.

Thumbnail cache is stored in the app's sandboxed Caches directory.

Source code is available upon request for independent review.