22 Repos
Systems that provide secure, audited connectivity to database endpoints through proxy gateways.
Distinct from Database Connectivity: Distinct from general connectivity [f12_mt2]; focuses on the secure, proxied access for administration.
Explore 22 awesome GitHub repositories matching security & cryptography · Secure Database Access. Refine with filters or upvote what's useful.
JumpServer is a privileged access management platform designed to manage and audit secure access to SSH, RDP, Kubernetes, and database endpoints. It functions as a centralized gateway that brokers remote terminal and graphical sessions to isolate users from critical infrastructure. The system utilizes a web-based protocol gateway to translate remote connections into browser-compatible streams and a protocol-based proxy layer to isolate end-user devices from target assets. It incorporates security watermarking to deter unauthorized screen captures and provides a Kubernetes access gateway for c
Establishes secure sessions to database endpoints using a web-based interface and proxy connectors.
pgweb is a web-based database client and graphical administration tool for PostgreSQL. It provides a browser-based interface for executing SQL queries, inspecting schemas, and managing database objects. The tool includes a read-only mode that prevents destructive operations by blocking specific SQL keywords. It supports secure remote access to private instances through native SSH tunneling and encrypted database connections. The application covers a broad range of management capabilities, including multi-environment session management, database structure inspection, and the export of query r
Enables secure, audited connectivity to private PostgreSQL instances via encrypted tunnels and SSL.
PyMySQL is a MySQL database connector and SQL database driver for Python environments. It serves as a client library that enables Python applications to establish network connections and interact with MySQL database servers. The library is a pure Python implementation of the MySQL client-server wire protocol. This design allows for MySQL integration and data management without requiring native C extensions. The project provides capabilities for database connectivity, query execution, and secure access control. It follows the DB-API 2.0 specification to provide a consistent interface for mana
Ensures secure database access by authenticating users through a variety of secure password plugins.
MacPass is a native macOS password manager and encrypted database client designed to manage credentials using the KeePass standard. It serves as a secure credential vault for storing usernames and passwords within a hierarchical structure. The application integrates a TOTP authenticator to generate time-based and hash-based one-time passwords for multi-factor authentication. It utilizes a KeePass-compatible database engine to ensure data portability and supports keyfile-based authentication to increase decryption entropy. The project covers broader capabilities including automated credential
Automatically locks the credential database based on system sleep, idle time, or user logout.
This project is a Java persistence generator and database mapping tool designed to produce boilerplate persistence layer code. It translates database schemas and column comments into structured Java annotations and mapping files, replacing the need for manual configuration writing. The tool provides a visual interface for generating code and manages secure database access through SSH tunneling. It allows users to connect to private databases via encrypted tunnels to safely extract schemas without exposing the database to the public internet. The system includes capabilities for database sche
Provides secure connectivity to private database endpoints through encrypted SSH tunnels for safe schema extraction.
This is a Backend as a Service SDK for Apple platforms, providing a collection of libraries that connect iOS and macOS applications to cloud databases, authentication services, and serverless infrastructure. It serves as a developer kit for integrating real-time data synchronization, file storage, and push notifications into native apps. The SDK is distinguished by its generative AI integration, which routes text and multimodal prompts between on-device models and cloud-hosted large language models. It further differentiates itself with a specialized app distribution tool for managing pre-rel
Protects database access by enforcing security rules and IAM policies based on authenticated identity.
AliSQL is a fork of MySQL by Alibaba that extends the relational database management system with enhancements for high performance, scalability, and enterprise-grade availability. It retains the core MySQL identity as a SQL-based database for storing, organizing, and retrieving structured data, while adding optimizations for large-scale transactional and analytical workloads. The project differentiates itself through a set of Alibaba-specific improvements, including a columnar engine for accelerating analytical queries directly on MySQL tables, and a distributed, shared-nothing NDB Cluster en
Authenticates users and grants or denies permissions on databases, tables, and columns to control read and write access.
Webmin is a web-based administration interface for Unix systems. It provides a centralized console for managing the full range of server administration tasks — users and groups, software packages, storage, network configuration, system services, and security — all through a browser. Its modular architecture allows separate modules to handle databases (MySQL, MariaDB, PostgreSQL), web servers (Apache), DNS (BIND), email (Sendmail, Dovecot), file sharing (Samba, NFS), and more, with a unified access control system that restricts what each administrator can see and do. What sets Webmin apart is
Manages PostgreSQL users and groups, restricts client connections by host, and grants fine-grained privileges on tables and views.
Pigsty is a comprehensive database infrastructure orchestration platform designed to automate the full lifecycle of high-availability PostgreSQL clusters. It functions as an infrastructure-as-code framework that manages cluster coordination, node provisioning, and service discovery through idempotent playbooks. By integrating distributed consensus mechanisms, the platform ensures automated failover and consistent state enforcement across diverse environments, including bare metal and virtualized infrastructure. The platform distinguishes itself through a robust suite of operational capabiliti
Enforces security best practices by automating certificate authority management, SSL encryption, and granular access control rules.
deployd ist ein Echtzeit-API-Framework und ein MongoDB-Backend-as-a-Service, das die Erstellung vernetzter Interfaces ermöglicht, die Daten und Ereignisse zwischen Clients und Servern synchronisieren. Es fungiert als JavaScript-API-Middleware, die in HTTP-Server integriert werden kann, um Authentifizierung, Request-Interceptors und Echtzeitfunktionen bereitzustellen. Das Projekt bietet ein selbst gehostetes API-Management-Dashboard zur Konfiguration von Ressourceneinstellungen, zur Verwaltung von Datensammlungen und zur Überwachung des Serverstatus über ein webbasiertes Interface. Es enthält eine Echtzeit-Datensynchronisations-Engine, die Live-Datenbankaktualisierungen über Sockets an verbundene Clients sendet. Das System deckt Backend-Datenmanagement mit Schema-Validierung und rekursiven Abfragen ab sowie Benutzerauthentifizierungs-Workflows, die Sitzungen über zustandslose Anfragen und persistente Verbindungen hinweg verfolgen. Es bietet zudem Funktionen für Echtzeit-Event-Broadcasting, benutzerdefinierte API-Middleware-Erweiterung über Module und administrative Zugriffskontrolle. Das Projekt enthält ein CLI zum Bootstrapping neuer Projekte und zum Ausführen von Entwicklungsservern.
Restricts direct database API calls from untrusted clients to ensure only authorized data access is permitted.
Ockam ist ein Zero-Trust-Netzwerk-Framework, das entwickelt wurde, um den Datentransport zwischen verteilten Anwendungen mithilfe eines identitätsbasierten Netzwerk-Overlays abzusichern. Es bietet die notwendigen Primitive, um gegenseitig authentifizierte und End-to-End-verschlüsselte Verbindungen herzustellen, wodurch die Abhängigkeit von traditioneller Netzwerksicherheit auf Schichtebene entfällt. Das Projekt zeichnet sich durch die Verwendung von attributbasierter Zugriffskontrolle und verifizierbaren Anmeldeinformationen aus, um Vertrauen in großem Maßstab zu verwalten. Es implementiert kryptografische Identitätsrotation, um die Identitätskontinuität aufrechtzuerhalten, und integriert sich in hardwaregestützte Schlüsselverwaltungssysteme, um private Schlüssel innerhalb von Enklaven oder Cloud-Schlüsselverwaltungsdiensten zu sichern. Die Plattform deckt ein breites Spektrum an Fähigkeiten ab, einschließlich Multi-Hop-Binär-Routing und Relay-basiertem Netzwerk-Bridging, um disparate Netzwerke zu verbinden. Sie kann Legacy-TCP- oder Kafka-Datenverkehr in sichere Tunnel verpacken, wodurch private Dienste kommunizieren können, ohne lauschende Ports freizugeben. Zudem verwendet sie ein zustandsbehaftetes Akteur-Modell, um Nachrichten asynchron über verteilte Knoten hinweg zu verarbeiten. Die Bereitstellung wird durch Infrastructure-as-Code-Vorlagen für die Bereitstellung sicherer Knoten und Gateways in Cloud-Umgebungen unterstützt.
Provides secure, encrypted tunneling for database clients to access private database instances.
TablePro is a cross-platform database management client designed for browsing, querying, and administering both SQL and NoSQL databases. It functions as a unified workspace that integrates a code-centric SQL editor with schema visualization tools, allowing developers to manage complex data models and execute queries across diverse database engines. The application distinguishes itself through an agentic AI integration layer that connects language models directly to database tools, enabling automated query generation, optimization, and error fixing with configurable approval gates. It features
Enforces per-connection security policies ranging from read-only modes to biometric authentication requirements to prevent accidental data modification.
Dieses Projekt ist ein Kubernetes-Operator, der für die Bereitstellung und Verwaltung von PostgreSQL-Datenbankclustern in der Produktion mittels deklarativer Konfigurationen entwickelt wurde. Er fungiert als Controller, der den tatsächlichen Zustand von Datenbankclustern mit einem gewünschten Zustand synchronisiert und ein System für Hochverfügbarkeits-Orchestrierung, automatisiertes Backup und Recovery sowie containerisierte Datenbankadministration bereitstellt. Der Operator zeichnet sich durch eine umfassende Datenschutz-Suite aus, die Point-in-Time-Recovery, Multi-Mode-Backups in Cloud-Objektspeicher und Cluster-Cloning unterstützt. Er stellt kontinuierliche Verfügbarkeit durch verteilten Konsens für automatisiertes Failover sicher und unterstützt ausgefeiltes Traffic-Management durch einen integrierten Connection-Pooler. Das Projekt deckt ein breites Spektrum an operativen Fähigkeiten ab, einschließlich synchroner und asynchroner Replikation, Telemetrie-Erfassung über einen dedizierten Monitoring-Stack und sicheres Identitätsmanagement mit automatisierter TLS-Zertifikatsrotation. Es bietet zudem Tools für die Erweiterung von Speichervolumes, Datenbank-Engine-Updates und die Integration verschiedener Datenbankerweiterungen. Der Controller wird mittels anpassbarer Manifeste in einem Cluster installiert, um die deklarative Orchestrierung der Datenbankumgebung zu ermöglichen.
Defines database users and assigns specific access permissions and role attributes.
Tenancy is a multi-tenancy framework for Laravel applications designed to support SaaS architectures. It provides a comprehensive system for implementing tenant data isolation, allowing developers to choose between dedicated multi-database schemas or single-database scoping via traits. The project distinguishes itself through a robust resource isolation model that extends beyond the database to include filesystems, Redis stores, and caches. It features an event-driven lifecycle orchestrator for automating tenant provisioning and a flexible identification middleware that resolves tenants via d
Grants a database user access to both central and tenant-specific databases for cross-environment operations.
The MongoDB Python Driver is a client library and NoSQL database client used to execute CRUD operations and manage data within MongoDB databases using the Python programming language. It serves as a database connectivity library that handles authentication and connection pooling, while also providing a vector search client for managing embedding indexes and retrieving data based on semantic similarity. The driver supports both synchronous and asynchronous database driver models to perform non-blocking I/O operations and stream data from database clusters. It distinguishes itself through speci
Implements client-side field level encryption and secure authentication to protect sensitive data.
BLEUnlock ist ein macOS-Automatisierungstool und ein auf Nähe basierender System-Controller, der die Reichweite vertrauenswürdiger Bluetooth-Low-Energy-Geräte überwacht, um die Bildschirmsicherheit und hardwarebasiertes Entsperren zu automatisieren. Es fungiert als Hintergrunddienstprogramm, das Geräte in der Nähe anhand ihrer eindeutigen Kennungen und Signalstärke identifiziert und filtert, um Systemaktionen auszulösen. Das System verwaltet automatisch den Bildschirmsperrzustand, weckt das Display und entsperrt den Computer, wenn ein gekoppeltes Gerät in einen definierten Signalbereich eintritt, oder sperrt den Bildschirm und startet den Bildschirmschoner, wenn sich das Gerät aus der Reichweite entfernt. Über die Sicherheit hinaus bietet das Tool eine nähebasierte Systemverwaltung, einschließlich der Möglichkeit, die Medienwiedergabe anzuhalten oder fortzusetzen und benutzerdefinierte Shell-Skripte als Reaktion auf Sperr- und Entsperrereignisse auszuführen.
Automatically locks the computer when a recognized Bluetooth Low Energy device moves out of range.
RavenDB is a multi-model NoSQL document database designed for high-performance, ACID-compliant data storage. It persists structured information as schema-flexible JSON documents and utilizes a unit-of-work session pattern to track entity changes and batch modifications into atomic transactions. The platform is built on a distributed architecture that supports horizontal scaling through sharding and ensures high availability via multi-node, master-to-master cluster replication. The database distinguishes itself through a self-optimizing query engine that automatically creates and maintains ind
Provides secure, audited database connectivity through mutual authentication and full at-rest encryption.
adminMongo is a graphical management tool designed for the administration of MongoDB databases. It provides a visual interface for managing databases, collections, and documents, allowing users to perform administrative tasks such as creating and organizing data structures, managing indexes, and executing queries to retrieve or filter records. The application functions as a cross-platform desktop client, utilizing a containerized environment to provide a standalone experience on major operating systems. It distinguishes itself by integrating server monitoring capabilities, which track perform
Configures and protects remote or local MongoDB connections with authentication and session management to prevent unauthorized access.
TheHive is a security incident response platform and multi-tenant case management system. It functions as a Security Orchestration, Automation, and Response (SOAR) tool and a threat intelligence platform designed to coordinate security investigations by managing alerts, cases, and observables. The platform is distinguished by its multi-tenant architecture, which isolates data across different organizations while supporting selective cross-tenant sharing. It features a SOAR automation engine capable of executing sandboxed JavaScript logic to automate workflows and trigger response actions thro
Protects underlying database and indexing backends using password-protected authentication.
Sqlit is a terminal-based SQL client and database explorer designed for executing queries and managing database connections. It functions as a command line interface that provides syntax highlighting, command history, and a terminal user interface for rendering results. The tool features a discovery engine that scans local Docker sockets to automatically identify and resolve connection details for active database containers. It handles secure access through encrypted SSH tunnels and integrates with external secrets managers to retrieve credentials. The project includes capabilities for data
Secures database connectivity using encrypted SSH tunnels and external secrets managers.