27 مستودعات
Mechanisms for securing sensitive data on disk using encryption.
Distinguishing note: Focuses on secure key storage specifically.
Explore 27 awesome GitHub repositories matching security & cryptography · Encrypted Storage. Refine with filters or upvote what's useful.
This project is a cross-platform credential management suite designed to store sensitive information in encrypted local databases. It functions as a secure desktop application that provides a unified environment for organizing secrets, generating passwords, and managing multi-factor authentication tokens. By utilizing industry-standard file formats, the application ensures that stored credentials remain secure and interoperable across different operating systems. The software distinguishes itself through deep integration with hardware-backed security and system-level services. It supports phy
Implements industry-standard file formats for secure and interoperable credential persistence.
Ente is a privacy-focused platform for end-to-end encrypted storage and two-factor authentication management. It functions as a zero-knowledge identity provider, ensuring that all cryptographic operations, key derivation, and data encryption occur locally on the user's device. By maintaining this architecture, the service provider remains unable to access or decrypt any stored personal information or authentication credentials. The platform distinguishes itself through a combination of on-device intelligence and resilient data distribution. It utilizes a local machine learning engine to perfo
Protects user files and data using client-side encryption to ensure complete privacy from service providers.
SmsForwarder is an Android application designed to capture incoming text messages and automatically transmit them to external services, messaging platforms, or email accounts. It functions as a bridge for mobile alerts, enabling the centralized monitoring of SMS traffic and system notifications across various digital channels. The application distinguishes itself through a modular forwarding architecture that supports diverse communication protocols via a plugin system. It utilizes a background service and system-level listeners to ensure that message interception and relay operations continu
Secures sensitive credentials and configuration data using platform-provided cryptographic APIs.
This project is a reactive, offline-first NoSQL database engine designed for JavaScript applications. It provides a robust framework for managing application state by synchronizing data across browsers, mobile devices, and server-side runtimes. By treating local storage as the primary source of truth, it enables applications to remain functional without network connectivity, automatically reconciling changes with remote backends once a connection is restored. The database distinguishes itself through a modular architecture that supports cross-environment synchronization and high-performance d
Secures data at rest by automatically encrypting specific document fields using a provided passphrase.
Sandboxie is an operating system-level virtualization tool designed to run Windows applications in isolated, secure environments. By intercepting system calls and redirecting file system and registry modifications to a separate, discardable storage area, it prevents untrusted software from making permanent changes to the host system. This containment ensures that browser history, temporary files, and potential malware remain trapped within the sandbox, protecting the integrity and privacy of the underlying host. The software distinguishes itself through granular control over the isolation env
Uses encrypted disk images and volatile memory to protect sensitive information while ensuring data is wiped after the process terminates.
Cryptomator is a client-side cloud encryption tool and cross-platform vault manager. It provides a transparent encryption layer that encrypts files and folder structures locally before they are uploaded to a cloud storage provider. The software creates virtual encrypted drives that mount encrypted vaults, allowing users to interact with their data as if it were on a physical disk. It supports the management of multiple independent encrypted containers, each protected by a unique password. The project covers data privacy through directory structure obfuscation and filename encryption to hide
Creates secure virtual disks to interact with encrypted files as if they were stored on physical hardware.
Seafile is a self-hosted file synchronization and sharing platform that provides a central server for maintaining file consistency across multiple devices. It functions as a cloud storage management system and a collaborative document suite, integrating tools for real-time teamwork and shared file management. The platform distinguishes itself through a metadata-driven file organizer that uses extensible properties and hierarchical tags instead of traditional folder structures. It includes client-side encrypted storage to protect private data using user-defined passwords before files leave the
Mounts remote cloud storage as a virtual drive that downloads content on demand to save local space.
This project is an Ethereum wallet browser extension that serves as a blockchain identity manager and a bridge between decentralized applications and the Ethereum blockchain. It functions as a multi-network blockchain wallet, allowing users to manage digital keys and interact with various Ethereum-compatible network ecosystems. The software provides a provider interface for signing transactions and reading chain data. It enables users to switch between different blockchain networks and maintain secure identities to authenticate on decentralized networks. The system covers the management of w
Protects private keys and seeds using password-based encryption within secure browser storage.
aliyundrive-webdav is a server-side gateway that translates AliyunDrive cloud storage into a WebDAV interface. It functions as a self-hosted cloud file server that maps remote storage accounts to a local network drive, allowing users to manage files through standard network drive clients. The project distinguishes itself by routing data requests directly between the client and the cloud provider to enable direct media streaming without server-side proxying. It utilizes a terminal-based QR code authentication system to exchange scans for refresh tokens and maintains a secure cloud gateway usin
Translates Aliyun Drive cloud storage into a WebDAV interface for management via standard network drive clients.
VeraCrypt is a cross-platform disk encryption utility used to create encrypted file containers and secure entire disk partitions. It functions as a tool for full disk encryption and a manager for encrypted volumes, providing a means to protect sensitive data on local disks and removable media across multiple operating systems. The software is distinguished by its support for plausible deniability, allowing the creation of hidden volumes nested within other encrypted volumes to conceal the existence of data. It also implements hardware-based access control, requiring physical security tokens,
Maps decrypted data streams to virtual encrypted disks so the host OS treats them as physical devices.
This project is an open-source software development kit and framework for implementing the Matter smart home standard. It provides a universal IPv6-based application layer and a cluster-based data model to ensure interoperability between diverse smart home devices and controllers. The system is distinguished by its multi-transport network abstraction, which maps Bluetooth LE, Thread, and Wi-Fi implementations to a common layer. It includes specialized tooling for secure device commissioning via QR codes and NFC, as well as a comprehensive over-the-air firmware update system for distributing s
Implements encryption for firmware and non-volatile storage to prevent unauthorized access to sensitive device data.
This project is an Android password manager application that provides an end-to-end encrypted vault for storing and synchronizing login credentials, secure notes, and identities. It functions as a secure storage system using zero-knowledge encryption to ensure that only the user can decrypt their stored data. The application integrates directly with the Android system to provide an autofill service that populates usernames and passwords into mobile apps and browser login fields. It also serves as a passkey management wallet for FIDO2 cryptographic passkeys and a time-based one-time password a
Provides an encrypted vault to centralize the storage of API keys, database credentials, and certificates.
LitePal is an object-relational mapping library and SQLite database wrapper for Android applications. It replaces raw SQL queries with a fluent interface and object mapping to simplify local data persistence and database management. The project provides a specialized system for automatically synchronizing database schemas based on model definitions to handle version updates. It also includes a storage solution for securing sensitive data through configurable field-level encryption. The library covers broad data storage and synchronization capabilities, including atomic transaction support, m
Secures sensitive data fields within an SQLite database through integrated field-level encryption.
Jeesite is a full-stack low-code development framework designed for building enterprise administrative portals using Spring Boot, MyBatis, and Vue. It functions as a comprehensive platform for creating administrative dashboards with integrated role-based access control and organizational data permission systems. The framework distinguishes itself through a combination of automated CRUD code generation and an integrated RAG platform that connects large language models to enterprise data via vector stores. It further incorporates a BPMN-based workflow engine to automate complex business process
Protects sensitive data stored in the browser's local storage using AES encryption.
Stack هو مزود هوية مفتوح المصدر يدير مصادقة المستخدمين، ومفاتيح المرور (passkeys)، ورموز OAuth. يوفر بنية تحتية للهوية تتعامل مع تخزين بيانات المستخدمين وتدفقات المصادقة عبر لوحة تحكم إدارية مركزية. تتميز المنصة بدمج نظام إدارة مستخدمين متعدد المستأجرين ينظم المستخدمين في مساحات عمل للفرق عبر تدفقات الدعوات. يتضمن خزنة أسرار آمنة لتخزين مفاتيح API المشفرة ورموز المستخدمين باستخدام مفاتيح تشفير تظل مخفية عن مزود الخدمة. يغطي النظام مجموعة واسعة من القدرات الإدارية، بما في ذلك محرك اشتراكات وفواتير للرسوم المتكررة والقياس القائم على الاستخدام. كما يوفر تحكماً في الوصول قائماً على الأدوار لإدارة الأذونات، وتحليلات سلوك المستخدم للتقارير، وطبقة اتصالات لتسليم البريد الإلكتروني المؤتمت وخطافات الويب (webhooks) الموقعة.
Vaults user tokens in a server-only storage system using encryption keys hidden from the service provider.
Julep هو منصة لتنسيق وكلاء LLM وواجهة خلفية للذكاء الاصطناعي متعددة المستأجرين مصممة لبناء وكلاء مستقلين بذاكرة دائمة، وتكامل الأدوات، وتدفقات عمل معقدة متعددة الخطوات. يعمل كإطار عمل لتهيئة هويات الوكلاء وإعدادات السلوك لأتمتة الأدوار المهنية المتخصصة. تتميز المنصة من خلال إدارة الجلسات ذات الحالة ومحرك البنية التحتية RAG، اللذين يسمحان للوكلاء بالحفاظ على تاريخ تفاعل طويل الأمد وتأسيس الردود في مستندات خاصة مفهرسة. توفر ميزات بنية تحتية على مستوى المؤسسات، بما في ذلك خزنة آمنة لتخزين الأسرار المشفرة وعزل قائم على الرموز لضمان خصوصية البيانات بين حسابات المستخدمين المختلفة. يغطي النظام مجموعة واسعة من القدرات بما في ذلك تنسيق تدفق العمل مع المنطق الشرطي، ومراقبة التنفيذ في الوقت الفعلي، وبرمجيات وسيطة لتتبع تكلفة الموارد. كما يتضمن أدوات لدمج واجهات برمجة التطبيقات الخاصة وخدمات الطرف الثالث، بالإضافة إلى واجهة سطر أوامر لإدارة دورات حياة الوكلاء. يمكن نشر منصة الإدارة على بنية تحتية مستضافة ذاتياً للحفاظ على التحكم في البيانات وتوافر الخدمة.
Provides secure storage for sensitive credentials using master-key encryption with runtime injection into API calls.
Encrypts all locally stored data, including preferences and item payloads, using the account master key or passcode.
OmniRoute is a unified LLM API gateway that connects multiple AI providers to a single endpoint. Its primary purpose is to simplify the integration of various AI models into tools and agents by translating different provider formats into a standardized API. The project distinguishes itself through a multi-strategy request routing system that optimizes for cost, speed, and availability, including automatic model fallbacks and a circuit-breaker resilience model to isolate provider failures. It employs a local-first security posture, using AES-256-GCM encryption to store API keys and conversatio
Stores sensitive API keys and conversation history in an AES-256-GCM encrypted database on local hardware.
FileBrowser is an open-source, self-hosted file management interface that runs as a single binary with no external dependencies. It provides a web-based interface for browsing, uploading, editing, and sharing files on a remote server, with a core architecture built on JWT-based stateless authentication and a rule-based path permission engine that controls access at the directory level. The project distinguishes itself through a comprehensive access control system that supports multi-provider authentication including OIDC, LDAP, external JWT, and two-factor authentication, alongside granular p
Translates the managed directory into the WebDAV protocol so desktop clients can mount and manage the remote filesystem.
Emulates and accelerates storage functions such as compression and encryption on the DPU.