29 Repos
Tools and configurations for securing data in transit using cryptographic protocols.
Distinguishing note: Focuses specifically on TLS/SSL network traffic encryption for database communication.
Explore 29 awesome GitHub repositories matching security & cryptography · Network Encryption. Refine with filters or upvote what's useful.
Apache Spark is a unified distributed data processing engine designed for large-scale data analysis and computation graphs. It functions as a distributed machine learning framework, a graph processing system, a real-time stream processor, and a SQL analytics engine. The system enables the execution of distributed SQL querying, large-scale graph analysis, and real-time stream analytics across clusters of machines. It also provides a scalable environment for implementing machine learning algorithms and predictive model development on massive datasets. The engine incorporates relational query e
Secures data in transit between cluster services using cryptographic TLS/SSL network traffic encryption.
RethinkDB is a distributed, document-oriented database designed to store and manage JSON-formatted data across scalable clusters. It utilizes a custom log-structured storage engine with B-Tree indexing to ensure high-performance disk I/O and data persistence. The system maintains high availability through automatic sharding and replication, employing a primary-replica voting consensus mechanism to handle node failures and ensure consistent cluster operations. A defining characteristic of the platform is its reactive changefeed engine, which allows applications to subscribe to live data update
RethinkDB encrypts network traffic between servers, clients, and the web interface by generating certificates and configuring the server for secure communication.
Pingora is a Rust-based framework for building high-performance network services, including HTTP reverse proxies, layer seven load balancers, and TLS termination proxies. It serves as an asynchronous network library designed to intercept and route HTTP, gRPC, and WebSocket traffic between clients and upstream backend servers. The project enables zero-downtime service updates by handing over listening sockets between processes during binary or configuration upgrades. It utilizes a programmable multi-phase pipeline to modify request and response bodies and headers, and it provides a pluggable T
Secures communications between clients and servers using industry standard TLS encryption libraries.
Cilium is a networking, security, and observability platform for containerized environments that leverages kernel-level data paths to process traffic. By executing programs directly within the Linux kernel, it provides high-performance packet filtering, routing, and load balancing without the need for traditional user-space proxies or context switching. The platform distinguishes itself through identity-based security enforcement, which filters traffic based on service labels rather than volatile IP addresses. It integrates containerized workloads with external physical or virtual infrastruct
Secures data in transit between nodes by automatically encrypting packets to prevent unauthorized interception.
RocketMQ is a distributed messaging and streaming platform designed for building event-driven applications. It serves as middleware to decouple services using publish-subscribe and request-reply patterns, and functions as a transactional messaging system that ensures atomicity by linking message delivery to local transaction outcomes. The platform includes specialized capabilities as a Kubernetes-native message broker for container orchestration environments and an MQTT broker for ingesting event data from mobile applications and hardware terminals. The system covers high-throughput data str
Uses cryptographic functions to secure data transmissions between services, ensuring authentication and privacy.
gost is a multi-protocol proxy tunnel and secure tunneling server designed to route network traffic through encrypted connections. It functions as a traffic obfuscation gateway and a transparent proxy server capable of intercepting TCP and UDP traffic at the IP level. The project also includes a virtual network interface manager for creating TUN and TAP devices to intercept operating system packets. The system distinguishes itself through a chain-based request routing model, allowing traffic to pass through an ordered sequence of proxy nodes. It provides extensive transport-layer encapsulatio
Encrypts communication between distributed proxy nodes using TLS certificates and server pinning.
This is a header-only C++ library that provides implementations for HTTP clients, HTTP servers, and a WebSocket framework. It allows for the creation of network services and the consumption of remote APIs without requiring a separate compilation step or external binary linking. The project features backend-agnostic TLS integration for secure HTTPS and WSS communication and employs a thread-pool model to process concurrent requests. It distinguishes itself with a full-duplex WebSocket state-machine and a middleware-based request pipeline that supports regular-expression path routing. The libr
Implements TLS encryption for secure HTTPS and WSS communication through a backend-agnostic interface.
This project is a high-performance MQTT broker and IoT data platform designed to manage millions of concurrent device connections. It provides a scalable infrastructure for ingesting, processing, and routing telemetry data across distributed systems, utilizing an actor-based concurrency model to maintain high availability and state synchronization across cluster nodes. The platform distinguishes itself through integrated stream processing and edge computing capabilities. It allows users to execute declarative SQL-based rules directly against incoming message streams for real-time filtering, t
Secures data in transit using encryption and supports private network connectivity to protect sensitive communications.
Floci is a local emulator for AWS services and cloud infrastructure designed for developing and testing applications without a live internet connection. It serves as a containerized cloud emulator and a serverless runtime emulator, allowing users to run high-fidelity replicas of cloud databases, queues, and compute services on a local machine. The project distinguishes itself by using real container images instead of simple mocks to ensure behavioral accuracy. It functions as a local API gateway simulator with proxy-based routing for REST and WebSocket APIs, and provides a serverless environm
Secures all emulated service endpoints using self-signed or custom certificates to mimic production TLS encryption.
Memcached is a high-performance, distributed, in-memory key-value storage and request routing engine. It functions as a volatile data store designed to accelerate dynamic applications by caching objects in RAM, thereby reducing backend database load and providing sub-millisecond response times. The system utilizes a specialized architecture that organizes memory into fixed-size slabs to minimize fragmentation and maximize throughput for high-concurrency workloads. The project distinguishes itself through a multi-threaded, lock-friendly design that scales across CPU cores and supports complex
Secures data in transit between clients and the server using cryptographic protocols to prevent unauthorized access.
Revel is a full-stack web framework and toolkit for building applications with the Go language. It implements a model-view-controller architecture to separate business logic from user interface rendering, providing a comprehensive system for routing, parameter binding, and session management. The project distinguishes itself with a high-productivity development environment featuring automatic code compilation and hot-reloading, which refreshes the application state and templates upon file changes without requiring manual restarts. It also employs reflection-based parameter binding to automati
Encrypts network communication by loading SSL certificates and keys to serve the application over HTTPS.
Mongoose is an embedded networking library providing TCP/IP stacks, web server hosting, and IoT device connectivity. It enables microcontrollers and desktop systems to implement network protocols including HTTP, WebSocket, and MQTT. The project provides a bare-metal TCP/IP stack for environments without a native operating system and includes built-in TLS and ECC encryption to secure network traffic. It features a binary-embedded file system to serve web content directly from the executable and supports over-the-air firmware updates for managing device fleets. Additional capabilities cover as
Provides a built-in security layer using TLS and ECC to encrypt network traffic.
KeyDB is a multithreaded in-memory key-value store and distributed cache. It functions as a NoSQL database utilizing multi-version concurrency control to execute non-blocking queries and scans. The project is a multithreaded fork of Redis that maintains protocol compatibility while utilizing a multithreaded architecture to scale across multi-core hardware. It distinguishes itself with flash-tiered storage, allowing the system to offload data from primary RAM to SSD or flash storage to increase total capacity. The system supports high availability through active-active mesh replication and mu
Secures data in transit between clients and the server using cryptographic protocols.
This project provides a set of development guidelines and architectural recommendations for building iOS applications. It focuses on structuring Swift applications to decouple business logic from the user interface to improve testability and maintenance. The project covers specific implementation standards for security, such as using keychain storage for sensitive data and TLS certificate pinning for network traffic. It also defines patterns for code quality enforcement through static analysis and compiler configurations, as well as strategies for asset and localization management. The guide
Secures network traffic using TLS and implements certificate pinning to prevent man-in-the-middle attacks.
Talos is a minimal, immutable Linux distribution designed specifically for deploying and managing Kubernetes clusters. It functions as an API-driven infrastructure manager that replaces traditional shell access with a declarative gRPC interface to control operating system state and configuration. The system is distinguished by its use of a read-only root filesystem and a security-hardened kernel, which removes standard GNU utilities to reduce the attack surface. It ensures environment consistency by distributing the operating system as versioned, signed images and utilizes TPM-backed verified
Secures all network traffic using rotating certificates and key-based authentication for administrative communication.
Nezha is a multi-server infrastructure monitor and website uptime monitor that provides a centralized dashboard for tracking real-time resource utilization and system health. It functions as a protocol server and alerting engine, utilizing remote agents to collect telemetry data across multiple operating systems. The system distinguishes itself with a web-based remote administration interface, allowing users to execute maintenance commands and manage scheduled tasks on remote hosts via a browser-based terminal. It also integrates a Model Context Protocol server to provide a secure HTTP entry
Supports HTTPS listeners with certificates and keys to encrypt data transmission from interception.
GameNetworkingSockets is a UDP networking library providing secure transport, peer discovery, and traffic control systems. It implements a networking layer for reliable and unreliable messaging over UDP, including tools for message fragmentation and reassembly. The project features a peer-to-peer NAT traversal tool for establishing direct host-to-host connections by punching through firewalls and network address translation layers. It secures network traffic through encrypted transport and secure key exchange. The library includes a traffic manager to organize data into prioritized lanes to
Secures peer-to-peer network traffic using cryptographic protocols and secure key exchange.
Seastar is a C++ server application framework and asynchronous programming library designed for building high-performance, shared-nothing server applications. It functions as a high-performance I/O engine providing direct disk and network access through a shared-nothing framework that partitions data and execution across CPU cores. The framework distinguishes itself through a thread-per-core architecture that eliminates locking and resource contention by assigning one execution thread to each physical CPU core. It implements a userspace TCP/IP stack and kernel-bypass techniques, integrating w
Provides TLS encryption for secure communication between clients and servers.
dockerlabs is a collection of educational labs and technical tutorials designed to teach the fundamentals of containerization and microservice architecture. It provides instructional material and hands-on exercises covering image optimization, security training, infrastructure setup, and cluster orchestration. The project features specific courses and guides focused on reducing image size through multi-stage builds, securing workloads via vulnerability scanning and encrypted networks, and deploying multi-node clusters with high availability using Swarm orchestration. The materials cover a br
Covers the configuration of encrypted overlay networks to protect data transmitted between containerized services.
CloudNativePG is a Kubernetes operator designed for the administration, lifecycle management, and high availability of PostgreSQL database clusters. It functions as a declarative orchestrator that manages database instances through custom resources and manifests. The project distinguishes itself by automating complex operational tasks, including primary election and failover management via streaming physical replication. It provides specialized tools for database version migrations, supporting both offline in-place upgrades and online migrations through logical replication. The operator cove
Encrypts in-transit network traffic using certificates and supports both auto-generated and external credentials.