58 Repos
Mechanisms for securely storing and managing sensitive API keys and authentication tokens.
Distinguishing note: Focuses on the encryption layer for credentials rather than general identity management.
Explore 58 awesome GitHub repositories matching security & cryptography · Credential Encryption. Refine with filters or upvote what's useful.
Flowise is a low-code platform designed for building and deploying complex language model workflows through a visual, node-based interface. It functions as an orchestrator for autonomous multi-agent systems, allowing users to construct conversational pipelines by connecting language models, memory stores, and external tools on a drag-and-drop canvas. The platform distinguishes itself through its support for sophisticated agentic patterns, including supervisor-worker delegation and iterative reasoning strategies. Users can design directed acyclic graphs to manage conditional branching, state p
Stores sensitive third-party API keys in an encrypted database for secure reuse.
This project is an agentic framework designed to enable autonomous web navigation and browser automation. It functions as a controller that translates natural language instructions into deterministic browser actions, allowing agents to interact with websites, perform data extraction, and manage complex authentication flows. By leveraging accessibility trees and semantic element resolution, the framework mimics human-like navigation, moving beyond brittle DOM selectors to interact reliably with modern web interfaces. The framework distinguishes itself through its focus on secure, scalable exec
Encrypts stored browser credentials and session data to protect sensitive information at rest.
FastMCP is a Python framework designed for building servers that expose functions, resources, and prompts to AI models using the Model Context Protocol. It simplifies the development process by automatically deriving tool metadata, input schemas, and documentation directly from Python function signatures and type hints. The framework provides a unified container for managing these components, allowing developers to build modular applications that integrate seamlessly with AI assistants. The project distinguishes itself through its support for interactive, server-defined user interface compone
Secures OAuth credentials at rest by wrapping storage backends with encryption layers.
WaveTerm is a cross-platform terminal emulator that integrates artificial intelligence, graphical widgets, and remote session management into a unified, block-based workspace. By rendering the interface through a web-based engine, it allows users to organize their development environment into a grid of resizable, independent blocks that can host shells, interactive web content, and system monitoring tools. The platform distinguishes itself by embedding intelligent models directly into the command-line interface, enabling automated code generation, terminal output analysis, and multimodal file
Stores sensitive authentication keys in the system's native encrypted keychain to prevent exposure within configuration files.
vue-admin-better is a Vue 3 admin dashboard template and framework used for creating data-driven backend management systems. It provides a responsive admin UI kit with pre-built page templates and layouts that adapt to desktop, mobile, and tablet screens. The framework features a dynamic route management system that renders application navigation and page access based on configurations received from a remote server. It includes a mock API development environment for generating and exporting simulated backend data, enabling frontend development to proceed without a live API. The project imple
Provides encryption for login credentials during transmission to prevent unauthorized access during the authentication process.
Upptime is a monitoring system that uses GitHub Actions to check endpoint availability and track response times. It functions as an HTTP availability checker and a static status page generator, converting uptime data into a branded website hosted on GitHub Pages. The project integrates a GitHub Issues incident manager to automatically create and close tracking tickets for service outages and recovery. It provides a JSON status badge provider to expose uptime percentages and response times for use in external visual badges. The system covers website uptime monitoring and service performance t
Encrypts sensitive credentials used in URLs and headers to prevent exposure in public configurations.
WeKnora is a multi-tenant retrieval-augmented generation (RAG) knowledge platform and autonomous AI agent framework. It transforms raw documents into queryable knowledge bases and integrates large language models with vector databases to provide grounded AI responses. The system also functions as a Model Context Protocol (MCP) tool server, exposing knowledge search and agentic capabilities to external AI clients. The platform distinguishes itself through an autonomous agent framework that utilizes iterative reasoning, tool calling, and web search to solve multi-step tasks. It implements a sta
Protects sensitive API keys using AES-256-GCM encryption with support for key rotation.
Ecapture is a suite of specialized auditing tools designed to capture plaintext database queries, log executed shell commands, forward packet captures, and decrypt TLS traffic. The system extracts plaintext content from encrypted communications and TLS master secrets without requiring CA certificates. It further monitors data interactions by capturing SQL queries from database instances and recording commands from shell environments for host-level auditing. The toolset includes capabilities for network traffic analysis, exporting captured data to pcapng files, and forwarding events to extern
Extracts plaintext content from encrypted communication across various libraries without needing CA certificates.
Gluetun is a Docker VPN client gateway that routes network traffic from other containers through secure WireGuard or OpenVPN tunnels. It serves as a network gateway to mask origin IP addresses and provides a firewall kill switch that blocks all outbound traffic unless it is destined for the active VPN server. The project supports multiple commercial VPN providers and can maintain several simultaneous connections using custom configuration files. It includes an integrated proxy server stack hosting SOCKS5, HTTP, and Shadowsocks servers to tunnel TCP and UDP traffic. Security is managed throug
Securely manages provider credentials by storing and retrieving them from encrypted local files to avoid plaintext exposure.
kkFileView is a Spring Boot-based file preview server that provides a universal document viewer for rendering office files, PDFs, images, and 3D models directly in a web browser. It functions as a secure document rendering service that allows users to view a wide variety of file formats without requiring local software installations. The project distinguishes itself through specialized CAD to SVG conversion, transforming complex drawings into web-compatible formats. It includes a RESTful file preview API that allows these rendering capabilities to be integrated into external business applicat
Decrypts password-protected office documents and compressed archives to enable online previewing.
Automatisch is an open-source, self-hosted automation platform designed to orchestrate multi-stage workflows across various third-party web services. It functions as a no-code integration engine that allows users to connect disparate applications, enabling the automated movement of data and the execution of tasks without manual intervention. By running the platform on private infrastructure, users maintain full control over their data and ensure compliance with internal security policies. The platform distinguishes itself through a focus on secure, local credential management and flexible int
Provides secure, encrypted storage for third-party API credentials and authentication tokens within the local infrastructure.
Nightingale is a Prometheus-compatible monitoring and alerting platform designed to centralize telemetry management across multiple time-series databases. It functions as a multi-source alerting engine and metric data pipeline that ingests telemetry via remote write protocols and triggers alarms based on data from sources such as Prometheus, Elasticsearch, Loki, and ClickHouse. The system is distinguished by its automated alert healing system, which executes predefined scripts and RPC-based corrective actions when monitoring thresholds are breached. It supports distributed alert processing, a
Uses RSA encryption for user passwords during login to prevent plain-text exposure during transmission.
NoFx is an autonomous trading platform designed to orchestrate financial workflows through artificial intelligence and multi-asset exchange connectivity. It functions as a comprehensive infrastructure for executing automated trading strategies, integrating language models for market analysis, and managing secure interactions across both centralized and decentralized financial platforms. The platform distinguishes itself through a multi-model strategy ensembling approach, which runs several artificial intelligence models in parallel to evaluate and select the most effective trading decisions b
Encrypts API keys and private credentials using industry-standard protocols to prevent unauthorized access to trading accounts.
LaZagne is a cross-platform credential recovery tool designed to extract passwords and secrets from operating systems, browsers, and applications. It functions as a security utility for retrieving stored credentials from compromised systems during penetration testing. The tool provides capabilities for decrypting domain credentials and extracting sensitive data from system storage, including memory dumps, credential managers, keychains, and password hashes. It recovers stored passwords from common software by accessing plaintext files, APIs, and local databases. The project supports digital
Unlocks and retrieves encrypted domain credentials using discovered or provided system passwords.
Meshery is a service mesh management plane and cloud native infrastructure orchestrator. It provides a visual design-as-code environment for modeling microservices and infrastructure components through declarative blueprints, functioning as a centralized platform for designing, deploying, and managing service mesh infrastructure. The platform is distinguished by its ability to translate visual designs into active deployments and its use of gRPC-based adapters to integrate with diverse infrastructure providers. It features a multi-tenant architecture that manages shared workspaces and role-bas
Encrypts authentication data at rest and restricts access through fine-grained permissions to prevent exposure.
Sub-Store is a proxy subscription management server that aggregates multiple subscription links into a single unified stream for distribution to various clients. It functions as a transformation pipeline that filters, modifies, and reformats proxy node metadata. The system acts as a cross-platform format converter to ensure compatibility across diverse client applications. It includes an encryption decryption gateway that uses private keys to handle age-standard encrypted subscription content and a cache-layered aggregator to reduce external requests. The server provides capabilities for dyn
Uses a private key to decrypt content encrypted with the age standard before processing.
pypdf is a Python library for parsing, manipulating, and generating PDF documents. It provides high-level operations for document processing, such as merging multiple files into one or splitting a single document into smaller files. The project includes specialized tools for managing interactive elements, including the creation and modification of annotations, hyperlinks, and form fields. It also supports advanced metadata management, allowing for the extraction and modification of standard document properties and XML-based XMP metadata. Beyond basic structural changes, the library covers pa
Implements utilities to remove AES encryption from PDF files to enable content processing.
RoboMongo is a cross-platform database manager and graphical interface for administering MongoDB databases. It serves as a shell integrated development environment and query tool for managing NoSQL data stores and exploring collections across multiple server instances. The application provides a visual environment for writing and executing modern JavaScript scripts and native shell commands. It includes capabilities for running aggregate queries with paginated results and supports side-by-side views for comparing data outputs. The tool covers remote database connectivity through SSH tunnelin
Encrypts sensitive connection strings and passwords locally to prevent unauthorized access to configuration files.
aws-vault is a secure credential manager and command-line wrapper for AWS. It stores long-term identity keys using the native operating system secure keystore to prevent plaintext secrets from residing on disk. The tool orchestrates the exchange of long-term credentials for short-lived temporary sessions by assuming IAM roles, with support for multi-factor authentication and integration with AWS Identity Center for single sign-on access. It prevents credential exposure by injecting these temporary tokens directly into subprocesses or by simulating local metadata endpoints for software develop
Encrypts long-term credentials using the operating system native secure keystore or encrypted files.
Arize Phoenix is an LLM observability platform and evaluation framework designed to capture execution traces and monitor large language model applications. It serves as a prompt management system for versioning and testing templates, and as a self-hosted AI operations infrastructure for managing telemetry and experiments. The platform differentiates itself through a specialized embedding visualization tool used to detect data drift and optimize vector search. It provides a comprehensive evaluation suite that utilizes judge-based evaluators and ground-truth datasets to score model outputs, and
Encrypts and stores API keys in a database to prevent exposure while allowing reference by name.