38 Repos
Mechanisms for securing sensitive local data before transmission to remote services.
Distinguishing note: Focuses on local encryption for synchronization privacy, distinct from general network security.
Explore 38 awesome GitHub repositories matching security & cryptography · Client-Side Encryption. Refine with filters or upvote what's useful.
Dieses Projekt ist ein von der Community kuratiertes Verzeichnis von Open-Source-Software, die für den Einsatz in privaten Serverumgebungen und Home-Labs konzipiert ist. Es dient als umfassende Ressource zur Entdeckung unabhängiger, selbst gehosteter Alternativen zu gängigen Cloud-Diensten und ermöglicht es Nutzern, die volle Datenhoheit und Kontrolle über ihre digitale Infrastruktur zu behalten. Das Verzeichnis ist durch eine hierarchische Taxonomie strukturiert, die eine riesige Sammlung von Anwendungen in logische Kategorien organisiert, von Medienmanagement und Datenanalyse bis hin zu privater Kommunikation und Tools für die Teamproduktivität. Es zeichnet sich durch einen kollaborativen Peer-Review-Prozess aus, bei dem Community-Mitglieder die Qualität und Relevanz jeder Einreichung validieren, um sicherzustellen, dass das Verzeichnis korrekt und zuverlässig bleibt. Das Projekt deckt ein breites Spektrum an Fähigkeiten ab, einschließlich Infrastruktur-Automatisierung, containerbasierter Service-Bereitstellung und deklarativem Konfigurationsmanagement. Diese Tools unterstützen Nutzer bei der Aufrechterhaltung reproduzierbarer Serverumgebungen und der Verwaltung komplexer Service-Abhängigkeiten auf privater Hardware. Das Verzeichnis wird als versionskontrolliertes Repository gepflegt, wodurch sichergestellt wird, dass alle Updates und Community-gesteuerten Änderungen nachverfolgt und transparent sind.
Secures content within the browser before transmission so that the server never gains access to the original data.
Atuin is a command-line tool that replaces standard shell history with a searchable, encrypted SQLite database. By hooking into shell initialization scripts, it provides an interactive, keyboard-driven interface for real-time command filtering and retrieval. The platform ensures data privacy through a client-side encryption layer, securing sensitive history and configuration data before it is synchronized across multiple machines. Beyond history management, Atuin functions as an executable documentation platform that enables teams to create and share interactive runbooks. These documents use
Secures sensitive command history and configuration data locally before transmission to ensure privacy during cloud-based synchronization.
Snapdrop is a web-based local file sharing tool and progressive web app designed for transferring files between devices on the same local network. It functions as an end-to-end encrypted transfer tool that allows users to move data across different devices and operating systems without manual configuration. The service supports self-hosting through a containerized deployment model, allowing users to run private instances of the file sharing service on their own infrastructure. This ensures that data transfers remain within a private local network. The system uses a signaling server for local
Secures file data using cryptographic keys generated directly in the browser to ensure privacy during transmission.
This project is a password management backend designed to store and synchronize encrypted credentials across multiple devices and client applications. It serves as a secure central server that enables the management of secret vaults and password data. The system supports self-hosted secret storage, allowing users to run a private vault on their own hardware to maintain control over their data. It facilitates cross-platform credential syncing to keep passwords updated in real time across various operating systems. The backend is built with a REST-based API gateway, token-based session managem
Ensures server privacy by encrypting sensitive data on the user device before transmission.
This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials. The platform distinguishes itself through its focus on both human-centric security and aut
Ensures all encryption and decryption occur exclusively on the client side, keeping plaintext inaccessible to the server.
hls.js is a JavaScript player library that enables HTTP Live Streaming playback in web browsers using the Media Source Extensions API. It functions as an adaptive bitrate streaming engine and a media streamer that manages the buffering and playback of video segments. The library features specialized capabilities for low latency streaming and digital rights management, allowing it to decrypt protected content via Encrypted Media Extensions. It includes a metadata processor for handling ID3 tags and date-range elements, as well as a pluggable loader interface to replace default network request
Coordinates with Encrypted Media Extensions to decrypt protected video segments on the client side.
Cryptomator is a client-side cloud encryption tool and cross-platform vault manager. It provides a transparent encryption layer that encrypts files and folder structures locally before they are uploaded to a cloud storage provider. The software creates virtual encrypted drives that mount encrypted vaults, allowing users to interact with their data as if it were on a physical disk. It supports the management of multiple independent encrypted containers, each protected by a unique password. The project covers data privacy through directory structure obfuscation and filename encryption to hide
Provides client-side encryption of file contents and folder structures before they are uploaded to cloud storage.
Seafile is a self-hosted file synchronization and sharing platform that provides a central server for maintaining file consistency across multiple devices. It functions as a cloud storage management system and a collaborative document suite, integrating tools for real-time teamwork and shared file management. The platform distinguishes itself through a metadata-driven file organizer that uses extensible properties and hierarchical tags instead of traditional folder structures. It includes client-side encrypted storage to protect private data using user-defined passwords before files leave the
Secures private files using user-defined passwords and client-side encryption before they leave the device.
Send is a self-hosted file transfer service designed for end-to-end encrypted file sharing. It provides a privacy-focused data transfer solution and ephemeral file storage where uploaded content is automatically deleted after a specified number of downloads or a set amount of time. The service ensures private file sharing by utilizing client-side encryption to protect data before it is uploaded. Decryption keys are distributed to recipients via URL hash fragments to ensure the server never has access to the keys. The platform supports encrypted data transfer and temporary file hosting. It us
Implements client-side encryption in the browser to ensure files are encrypted before they are uploaded to the server.
JuiceFS is a distributed file system designed to mount object storage as a local, POSIX-compliant drive. It functions as a cloud-native persistent storage layer that decouples file metadata from raw data, storing metadata in a transactional database while keeping data blocks in object storage. This architecture enables multiple hosts across different regions to access the same storage simultaneously while maintaining strong consistency. The system distinguishes itself by performing data processing, including compression and encryption, directly on the client side before transmission. By split
Performs encryption and compression on the client side before data transmission.
KeeWeb is a web-based password manager and vault that allows users to open and edit encrypted databases through a browser interface. It functions as a cross-platform tool for managing password vaults using the KeePass database format. The application provides a self-hosted password vault that can be deployed as a single HTML file or via Docker. It integrates with remote storage providers using OAuth to synchronize encrypted database files across multiple devices. The system includes capabilities for secure credential generation, two-factor authentication management through time-based one-tim
Decrypts database files entirely within the browser to ensure the server never accesses the master password.
The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane. The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It
Secures data by performing encryption on the client side before transmitting objects to remote storage.
Kopia is a backup utility designed to create encrypted, deduplicated, and compressed snapshots of files and directories. It functions as a client-side tool that secures data locally before transmitting it to various storage targets, ensuring that sensitive information remains protected throughout the backup process. The system utilizes content-addressable block storage and metadata-driven versioning to identify and remove redundant data across multiple snapshots. By employing a pluggable storage abstraction layer, it supports a wide range of local, network, and cloud-based storage providers,
Encrypts all data locally using user-provided keys before transmission to ensure privacy.
WeFlow is a local client extension for the WhatsApp messaging protocol. It functions as a suite of tools for decrypting media, managing chat history, and extending the core capabilities of the messaging client. The project is distinguished by its ability to block message recalls, preventing the remote deletion of sent messages to maintain a permanent record of conversations. It also includes a local messaging API that exposes internal chat capabilities via an HTTP service for use with external automation scripts and third-party tools. The software provides a chat analytics dashboard for gene
Processes encrypted binary blobs from private chats into standard image and video formats for local viewing.
The MongoDB Node.js Driver is a programmatic interface and NoSQL database client used to manage document storage and execute operations within a MongoDB database. It serves as an asynchronous database interface and connection manager that enables Node.js applications to integrate with MongoDB servers. The project implements client-side field encryption to secure sensitive data and queries locally before transmission. It also provides a BSON serialization library to convert JavaScript objects into a binary format for efficient storage and network transmission. The driver covers a broad range
Implements client-side encryption to secure sensitive local data before it is transmitted to the server.
Boto3 is the AWS SDK for Python, providing a programmatic interface for managing and automating AWS cloud infrastructure and services. It serves as a cloud management API client and resource manager for provisioning, configuring, and scaling virtual servers, databases, and storage. The library enables the implementation of infrastructure-as-code through declarative templates and scripts, allowing for the deployment of identical resource stacks across multiple accounts and geographic regions. It also provides a framework for coordinating distributed workflows, serverless functions, and contain
Supports encrypting data locally before it is uploaded to cloud storage to ensure the provider never sees plaintext.
Laverna is an open-source note-taking application designed as a privacy-focused alternative to Evernote. It operates as a single-page application that runs entirely in the browser, combining Markdown editing with client-side encryption to ensure note content is encrypted on the device before it ever reaches a server or cloud storage. The application distinguishes itself through its offline-first architecture, storing notes locally using browser storage for full offline access and editing capabilities. It synchronizes notes across devices through a unified interface that connects to multiple b
Encrypt note content in the browser before it leaves your device, keeping data private from the server.
PrivateBin is a self-hosted, zero-knowledge text hosting service and secret sharing tool. It utilizes browser-based AES 256-bit encryption to ensure that data is encrypted on the client side before transmission, meaning the hosting server cannot read or recover the original content. The project distinguishes itself by using URL fragments to distribute decryption keys, preventing the secret key from ever being sent to the server. It supports the distribution of both encrypted text and files, which are compressed and encrypted locally prior to storage. The platform includes capabilities for an
Uses 256-bit AES encryption within the browser to ensure plaintext never reaches the server.
Solid is a protocol and ecosystem for decentralized web applications that separates application logic from data storage. It enables users to store and control their personal information in personal online data stores, known as Pods, ensuring that individuals own their data rather than the applications they use. The project provides a framework for decentralized identity and authentication using WebID and OpenID Connect, decoupling identity from central providers. It implements a resource-level permission system via Web Access Control, allowing users to grant or deny read, write, and append ac
Provides mechanisms to encrypt sensitive information at rest using keys controlled exclusively by the user.
CryptPad is a self-hosted, zero-knowledge office suite designed for real-time collaborative editing and content management. It provides a privacy-centric infrastructure where documents, files, and notes are encrypted in the browser before transmission, ensuring that the server administrator cannot access the underlying data. The platform implements zero-knowledge user authentication, utilizing cryptographic keys to verify identities so that plain text passwords are never stored on the server. To further isolate sensitive operations, the system employs a security architecture that separates th
Uses browser-based cryptography to secure shared files before they are transmitted to the server.