Pydio Cells v5: The Secure, Sovereign Platform for Enterprise Document Management at Scale

If you manage IT infrastructure for an organization that handles sensitive files, regulated data, or complex collaboration workflows, you've likely wrestled with a familiar set of tensions: keeping data under your control while enabling cloud-scale flexibility, enforcing compliance without creating friction for users, and maintaining a clear audit trail across a sprawling document environment. You've also probably watched your teams drift toward external SaaS tools, not because your secure platform is bad, but because it doesn't do everything they need in one place.

Pydio Cells v5 addresses both problems at once. It expands the platform from a file management and collaboration system into a full knowledge management solution, while simultaneously delivering the most hardened, sovereign, and auditable version of Cells ever built.

But there's a third dimension that sets v5 apart, and it's one that matters enormously to IT teams evaluating self-hosted platforms: enterprise readiness out of the box. Many open-source file platforms promise sovereignty and control, but deliver it as a construction kit. You get the raw materials, and it's up to you to assemble, harden, and integrate them into something production-ready, then maintain that integration over time. Cells v5 takes a fundamentally different approach: enterprise-grade security, compliance architecture, cloud-native scalability, and knowledge management capabilities are built in from the start, not assembled from plugins or left as configuration exercises.

The result is a platform where doing the compliant thing is also the convenient thing, and where your governance perimeter and your users' productivity tools are finally the same boundary, on day one.

From Document Management to Knowledge Management

Introducing Pages: Your Organization's Knowledge Base, Inside Your Governance Perimeter

The most visible change in v5 is the introduction of Pages, a built-in authoring and publishing experience that transforms Cells from a place where you store documents into a place where your organization builds and shares knowledge.

Teams can now create richly formatted internal pages, wikis, runbooks, project documentation, onboarding guides, and policy references directly within the same platform where they manage their files. The editor supports richer formatting and subpage navigation. When combined with Public Links, where Pages are shown as read-only, this display mode is extremely powerful for sharing rich "minisites" with externals.

For IT managers, this is significant beyond the feature itself. Every time a team reaches for Confluence, Notion, or a shared Google Doc to capture knowledge, that content lands outside your governance perimeter. With Pages, the secure, sovereign platform becomes the natural place for knowledge work, not just file storage. Compliance, access control, audit logging, and data residency requirements apply to your organization's knowledge base by default, because it lives inside Cells alongside everything else. No integration required. No additional vendor relationship to manage.

Pages marks a paradigm shift within Cells, from a strictly files and folders structure, to an enriched content and knowledge-sharing experience. Look for more enrichment to Pages in the future.

Metadata Management: Governance That Users Will Actually Follow

Compliance depends on classification. Documents need to be tagged, categorized, and tracked in ways that reflect their sensitivity, retention requirements, and handling rules. The problem in most organizations isn't that the policy doesn't exist; it's that users don't follow it because the tooling is too cumbersome.

v5 completely rebuilds the custom metadata system with usability as a first principle, while simultaneously making it a more powerful compliance tool. Fields can be toggled on and off per context, edited inline with a focused interface, pre-filled with sensible defaults for specific teams or upload workflows, and searched across rapidly with fast, responsive search functionality that updates as you type. Validation flows on the info panel ensure that required fields are completed before documents move through a workflow.

For IT and compliance teams, this means you can implement richer classification schemes, including sensitivity labels, retention categories, handling instructions, and project tags, and have a realistic expectation that users will follow them. The experience no longer gets in the way. For end users, metadata shifts from feeling like a compliance obligation to a useful way to find things. That alignment between usability and governance is rare, and v5 achieves it, configured and ready from the start.

Built for the Enterprise From the Ground Up

It's worth being direct about a fundamental architectural difference between Pydio Cells and other self-hosted file platforms.

One of the major challenges with many open-source document management approaches is that achieving enterprise-grade security, compliance, and scalability is a builder journey. This means starting with a base platform, then selecting and maintaining the right combination of plugins, manually hardening a PHP stack, configuring external authentication, and managing compatibility across updates. The total cost of ownership and the expertise required tend to be substantially higher than they appear at first glance. You're assembling enterprise capability from parts.

Pydio Cells is architected differently. It's built as a native microservices platform, where enterprise requirements, including clustering, access control, audit logging, secrets management, and cloud-native deployment, are part of the core architecture, not add-ons. v5 extends that foundation significantly, and does so in a way that reduces deployment complexity rather than adding to it.

The entire platform is now driven by a single bootstrap.yaml configuration file. Every infrastructure component, including servers, databases, caches, message brokers, and secrets management, is initialized through a unified, URL-based plugin system. That means your infrastructure is fully described in one place, in a format that is readable, auditable, and version-controllable. This is especially useful for Kubernetes deployments. Swapping an embedded component for a managed cloud service is a one-line configuration change, not a platform migration.

For IT teams, this matters because it means the path from installation to production-ready is dramatically shorter, and the resulting deployment is dramatically easier to audit and maintain.

Data Sovereignty: Your Infrastructure, Your Rules

Cloud-Native Architecture Without Any Cloud Provider Lock-In

The complete decoupling of Cells from any specific infrastructure vendor means you choose exactly where your data lives and whose infrastructure it touches. Want to run on a sovereign cloud provider in your country or region? Point Cells at your local managed services. Prefer to keep everything on-premises? Run it on your own hardware with no external dependencies.

This is a meaningful change for any organization subject to data residency requirements. You can design your Cells deployment to satisfy those requirements precisely, and demonstrate compliance to auditors with a clear infrastructure map. And because the configuration is unified and declarative, producing that map is straightforward.

Multi-Tenancy for Complex Organizations

v5 introduces first-class multi-tenancy, allowing a single Cells deployment to serve multiple business units, subsidiaries, or client environments with full isolation at the data, configuration, and identity layers. For organizations that previously had to run separate instances to maintain that separation, this is a significant simplification, without sacrificing the isolation boundaries that compliance frameworks require. This capability is built into the platform, not assembled from extensions.

Stateless, Auditable Kubernetes Architecture

The platform's Kubernetes and clustering layers have been completely rewritten in v5. Cells pods are now fully stateless: they carry no internal state themselves, and all configuration, registry, and secret management is externalized and explicitly controlled. A dedicated controller service mediates access to Kubernetes configuration and secrets at runtime. A production-ready Helm chart for v5 is designed specifically for externally managed backends. Every infrastructure dependency, including the database, document store, cache, broker, object storage, and secrets management, can be configured as an external service. The chart is production-grade on arrival. You don't need to harden a development-oriented chart or work around bundled subcharts that weren't designed for production scale.

For compliance purposes, the stateless architecture means your infrastructure is fully declarative and inspectable. There are no hidden internal states or embedded credentials. Everything is visible, versioned, and auditable through standard Kubernetes tooling.

Security: Hardened by Default

Tighter Access Controls

v5 tightens access control semantics across the platform in several important ways. Policies and ACLs now use stable user identifiers rather than login names, which means access control decisions remain correct and auditable even when users change their credentials. Cross-node ACL references have been refined, closing a category of ambiguity that could lead to unintended access in complex deployments. Read authorization is now consistently enforced across Cells, Roles, and Namespace endpoints, a gap that is now closed in v5.

These aren't configurations you need to enable or harden after installation. They are the default behavior.

Session and Authentication Hardening

v5 ships with hardened session cookies out of the box that instruct browsers to only send authentication credentials when a request genuinely originates from Cells itself. This closes off a common class of web-based attacks in which a malicious third-party site tricks your browser into silently making requests to your Cells instance on your behalf. 

The platform now also blocks unsafe external links in password reset flows by default, preventing a category of phishing-style attacks that can redirect users to malicious sites during credential recovery. On a self-assembled platform, these hardening steps require research, configuration, and ongoing verification. On Cells v5, they're simply how the platform works.

Secrets Management Integration

Native support for Vault was introduced in v4. In v5 we adapted the Helm chart so that you can use Vault at the Kubernetes secrets engine level. This means that you use standard Kubernetes secrets, you can enable Vault as the secrets engine without having to deploy it as a hard dependency of the Cells application. For organizations that have already adopted Vault as part of their formal secrets management policies, Cells now integrates with that existing practice rather than requiring a special exception.

PostgreSQL Support

Full, tested support for PostgreSQL joins MySQL and MariaDB as primary databases. If your organization has standardized on Postgres, including in hardened, audited configurations, Cells now runs natively on your existing database infrastructure. All identity and access management, data, and scheduler stores have been tested end-to-end, with the migration framework adapted for PostgreSQL-specific behavior. This isn't a community plugin with variable quality; it's a first-class, fully validated integration

Compliance and Auditability: Visibility Into Everything

OpenTelemetry Observability Built In

.v5 ships with end-to-end OpenTelemetry support: distributed traces, structured logs, and metrics, all exported via a standard protocol that plugs into any modern observability stack, including Grafana, Datadog, Splunk, or your own SIEM. This is built into the platform at the infrastructure level, meaning you get consistent, structured audit data across every service in a Cells deployment, ready to plug into your existing tooling on day one, without needing to set up a separate telemetry tool.

Enterprise Edition: AI and Advanced Controls

For organizations on the Enterprise version, v5 builds on the LLM support in v4 by introducing OpenAI integration for AI-assisted features within the platform. Because Cells is self-hosted, this integration can be configured to use models and endpoints that stay within your sovereignty and compliance boundaries, rather than routing data to a public cloud AI service without oversight. The Enterprise build also adds a dry-run mode for the scheduler syncer, allowing you to validate sync operations before they execute, an important capability for change management in regulated environments.

A Note on International Teams

Language support in v5 has been expanded to include German, French, Norwegian, Brazilian Portuguese, Japanese, and Ukrainian. For globally distributed organizations, this reduces friction for local teams while the underlying sovereignty and compliance architecture applies consistently across all of them, without additional regional configuration.

What You Need to Know Before Upgrading

v5 is a major release. A few operational notes for your planning:

• Reverse proxy configuration is now mandatory. If you're running Cells behind a load balancer or reverse proxy (standard in most enterprise deployments), the external URL must be explicitly configured. Implicit detection from incoming requests is no longer supported.
  
• Bundled Helm subcharts are deprecated for production. If you've been running Cells on Kubernetes with bundled database and storage components, you'll need to migrate to externally managed services. This is an improvement for compliance posture: externalized, managed services are easier to audit and govern than embedded components.
• A formal upgrade process is required. There is a documented migration path from v4 to v5 covering schemas, access tokens, policies, and metadata. Review the official upgrade guide before scheduling your maintenance window.

The Bottom Line

Pydio Cells v5 makes a case that security-conscious IT teams haven't often been able to make: that the most secure, sovereign, and compliant platform is also the most capable one for knowledge work, and the one that requires the least assembly to get there.

Pages turns Cells into the place where your organization's institutional knowledge lives, governed and auditable by default. Rebuilt metadata management makes compliance a byproduct of a good user experience rather than a battle against it. A unified configuration system, production-ready Helm chart, and hardened-by-default security posture mean that enterprise readiness isn't a destination you configure toward; it's where you start.

For organizations that have been told self-hosted means self-assembled, v5 is a clear argument to the contrary.