150 مستودعات
Mechanisms for securing data at rest and in transit using cryptographic standards.
Distinguishing note: Focuses specifically on encryption implementation rather than general security policy.
Explore 150 awesome GitHub repositories matching security & cryptography · Data Encryption. Refine with filters or upvote what's useful.
rclone is a command-line utility and sync engine for managing, synchronizing, and migrating files across numerous cloud storage providers. It functions as a storage management tool that enables bidirectional or one-way synchronization between local filesystems and remote cloud backends. The project acts as a unified cloud storage gateway, capable of merging multiple remote providers into a single directory tree. It further provides a filesystem mount to expose remote cloud storage as a local disk for direct operating system access and a transparent encryption wrapper to secure data before it
Implements a transparent encryption layer that secures files before they are uploaded to any remote provider.
OpenHuman is an AI application framework for building private intelligence systems and personal AI layers. It provides a system for deploying private AI assistants that execute technical tasks and manage personal knowledge bases. The project features a model-agnostic request proxy that routes AI workloads to different large language models based on requirements for reasoning, speed, or vision. It integrates an OAuth-driven data integrator to synchronize personal information from external services into a local knowledge base composed of hierarchical Markdown summaries. The framework also inclu
Secures sensitive workflow data and credentials on-device using authenticated encryption and OS-level credential managers.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Protects sensitive data at rest using strong encryption algorithms.
Chatwoot is a self-hosted, omnichannel customer support platform designed to aggregate messages from diverse social and digital channels into a single, collaborative team inbox. It provides organizations with full data ownership and control over their support infrastructure, ensuring strict logical separation of customer data through multi-tenant architecture. By centralizing communication, the platform enables teams to manage, route, and resolve inquiries within a unified workspace that maintains complete interaction history for every contact. The platform distinguishes itself through an eve
Protects sensitive information using industry-standard encryption for data at rest and in transit.
RocksDB is a high-performance, embeddable persistent key-value library and storage engine based on Log-Structured Merge-trees. It is designed to provide durable storage for large-scale datasets, integrating directly into applications to manage data on flash and RAM-based hardware. The engine is distinguished by its focus on minimizing read and write amplification through multi-threaded compaction and custom memory allocators. It features specialized optimizations for flash storage, including support for zoned block devices, and provides the ability to extend store behavior via external plugin
Secures data at rest on local storage using external cryptographic libraries for encryption.
Langfuse is an open-source observability and evaluation platform designed for language model applications. It provides a centralized system for tracking execution traces, monitoring performance metrics, and managing prompt templates. By capturing hierarchical units of work and telemetry data, the platform enables developers to debug complex application lifecycles and analyze token usage, latency, and model interactions in production environments. The platform distinguishes itself through an integrated evaluation framework that allows for systematic benchmarking and automated scoring of model
Secures stored information using encryption at rest to protect configuration and application data from unauthorized access.
Fingerprint is a visitor identification and fraud detection platform that generates persistent, unique identifiers by analyzing browser and device attributes. By extracting technical signals from the client environment, it enables reliable user tracking across sessions without relying on traditional cookies. The platform distinguishes itself through its focus on high-accuracy identification and security-first architecture. It employs edge-side proxying to bypass ad-blockers and privacy restrictions, ensuring consistent data collection. To maintain data integrity, it uses cryptographic payload
Decrypts and processes visitor intelligence payloads on the server to ensure data integrity and security.
This project is a Python framework for building autonomous, event-driven agent systems. It provides a unified runtime for orchestrating multi-agent workflows, managing persistent conversation state, and executing code within secure, isolated sandbox environments. The framework is designed to handle complex task delegation, allowing agents to invoke other agents as tools while maintaining context across multi-turn interactions. The framework distinguishes itself through its deep integration with the Model Context Protocol, enabling agents to connect to external data sources and remote services
Applies transparent encryption to stored session data for security.
Kestra is a declarative workflow orchestrator designed to manage complex task dependencies and automated processes through versioned configuration files. It functions as a distributed platform that decouples task scheduling from execution by offloading computational workloads to a fleet of worker nodes. The system uses a reactive, event-driven engine to initiate workflows automatically in response to external signals, webhooks, schedules, or file system changes. The platform distinguishes itself through a modular plugin architecture that allows for the integration of custom tasks and external
Kestra protects sensitive script task outputs by encrypting them, ensuring they remain hidden in the interface while remaining accessible to subsequent tasks.
Deepagents is an LLM agent orchestration platform and stateful application server designed for deploying and managing AI agents built with computational graphs. It provides a containerized runtime environment that handles agent execution, state persistence, and the versioning of AI assistants. The platform distinguishes itself through deep integration with the Model Context Protocol, allowing agents to function as servers that expose tools and capabilities to external clients. It features a sophisticated observability suite for capturing execution traces, performing LLM-based evaluations agai
Secures store values and API payloads using custom encryption middleware and user-defined methods.
This application is a desktop utility for managing, editing, and visualizing local database files. It provides a graphical interface for executing SQL queries, designing database structures, and performing routine maintenance tasks on data stores. The software distinguishes itself through its support for encrypted database files, allowing users to manage password-protected data using modular cryptographic extensions. It also offers built-in tools for data analysis, enabling the generation of graphical charts and plots directly from query results to identify trends within datasets. Beyond its
The application integrates cryptographic extensions to create and manage password-protected database files using industry-standard encryption protocols to ensure data privacy.
This project is a reactive, offline-first NoSQL database engine designed for JavaScript applications. It provides a robust framework for managing application state by synchronizing data across browsers, mobile devices, and server-side runtimes. By treating local storage as the primary source of truth, it enables applications to remain functional without network connectivity, automatically reconciling changes with remote backends once a connection is restored. The database distinguishes itself through a modular architecture that supports cross-environment synchronization and high-performance d
Secures sensitive document fields by encrypting them before they are written to local storage.
This project is a security hardening guide and privacy configuration manual for macOS. It provides a comprehensive set of instructions for configuring system settings to improve privacy, reduce the attack surface, and implement a malware defense framework. The guide covers technical methods for validating software notarization, verifying application sandboxing, and auditing system activity. It distinguishes itself by providing detailed workflows for restricting high-risk features and applying advanced security configurations to protect the operating system. The documentation covers several k
Protects data at rest through system-wide encryption and restricted startup disk authentication.
This project is a comprehensive security hardening and privacy management guide for macOS. It provides a set of instructions and checklists for reducing the system attack surface through manual configuration, policy enforcement, and a layered defense strategy. The guide emphasizes a system auditing framework, using binary analysis, system logs, and packet inspection to verify that security controls and application sandboxing are functioning as intended. It offers tool-agnostic recommendations, defining security goals while allowing users to select their own third-party software for implementa
Provides detailed instructions for implementing full disk encryption and secure data-at-rest protections on macOS.
Magic Wormhole is a command-line utility designed for the secure transfer of files and text between two computers. It establishes encrypted, peer-to-peer connections that allow users to move information directly without relying on permanent cloud storage or third-party hosting. The system utilizes a password-authenticated key exchange to verify the identity of both endpoints, requiring only a short, human-readable code to initiate a session. By employing ephemeral key derivation and a relay server that cannot decrypt the transmitted content, the protocol ensures that data remains private and
Routes encrypted data through an intermediary relay server that cannot decrypt the content or identify the communicating parties.
Deepface is a comprehensive deep learning library for facial recognition and demographic analysis. It provides a modular pipeline that handles the entire lifecycle of facial processing, including detection, geometric alignment, and the transformation of facial images into high-dimensional numerical vector embeddings for identity verification and similarity comparison. The library distinguishes itself through a model ensemble approach, which combines predictions from multiple pre-trained neural networks to improve classification accuracy and reduce bias. It also integrates advanced security fe
Evaluates linear models and distance metrics on encrypted vectors to perform secure machine learning tasks.
Sops is a secrets encryption tool designed to encrypt and decrypt sensitive values within configuration files. It functions as a manager for secrets that integrates with cloud key vaults and PGP keys to secure data stored in version-controlled files. The tool utilizes structure-preserving encryption to encrypt individual values while keeping the overall file format and non-sensitive keys intact. It employs a KMS-backed encryption model, interfacing with external key management services from AWS, GCP, and Azure to handle cryptographic operations without exposing private keys locally. The proj
Employs symmetric-key envelope encryption by using unique data keys encrypted by a master provider key.
This tool is a command-line utility designed to manage sensitive data by encrypting specific values within structured files such as YAML or JSON. By protecting only the sensitive portions of a file while leaving the structure intact, it ensures that configuration files remain readable for version control systems and automated workflows. The utility provides a secure development workflow by transparently decrypting files into memory for editing and automatically re-encrypting them upon saving, which prevents plaintext secrets from being written to the local disk. It supports a variety of encry
Encrypts specific values within structured files while preserving the surrounding keys for version control compatibility.
This platform is a modular, metadata-driven framework designed for building custom business applications and data management systems without traditional coding. It functions as a low-code environment where data models, user interfaces, and business logic are defined through visual configurations rather than hardcoded views. The architecture supports multi-tenant isolation, allowing multiple independent applications to run within a single shared memory space while maintaining strict logical separation of data and configurations. What distinguishes this system is its deep integration of artific
Protects sensitive data using strong hashing for passwords and transport encryption for network communications.
Age is a command-line utility for file encryption that utilizes hybrid cryptography to secure data for multiple recipients. It employs a combination of asymmetric key exchange and symmetric encryption to protect files, supporting access control through public keys, shared passphrases, and hardware-backed identity integration. The tool is designed for memory-efficient operation, utilizing stream-oriented processing to handle large datasets in small, sequential chunks. It features a stanza-based metadata framing system that allows for extensible file headers and supports random-access decryptio
Processes large files in small, manageable chunks to perform encryption or decryption without exhausting system memory.