17 Repos
Combines masking and local-only storage to protect sensitive environment variables.
Distinct from Sensitive Variable Redaction: Distinct from Sensitive Variable Redaction: encompasses both UI masking and physical storage restrictions to prevent cloud synchronization.
Explore 17 awesome GitHub repositories matching security & cryptography · Sensitive Data Protection. Refine with filters or upvote what's useful.
Home Assistant is a local home automation platform and server that acts as an IoT device orchestrator. It integrates diverse smart home hardware by wrapping third-party APIs into a standardized logic layer and stores all system state and historical statistics on local hardware to eliminate cloud dependencies. The system functions as a Matter IoT controller and an MQTT home automation bridge, allowing for local interoperability between different manufacturers. It features a state-based entity model and an internal event bus that decouple physical device logic from system automation. The platf
Home Assistant centralizes passwords and API keys in a dedicated secrets file to prevent exposure.
Enquirer ist eine Node.js-Bibliothek zum Erstellen interaktiver Befehlszeilenschnittstellen zur Erfassung strukturierter Benutzereingaben. Sie bietet eine Reihe von Terminal-Prompts, einschließlich Menüs, Formularen und Textfeldern, um Daten über Autocomplete, Multiselect und boolesche Bestätigungen zu sammeln. Das Projekt dient als anpassbares Framework, das die Erstellung benutzerdefinierter Prompt-Typen durch eine Basisklasse und die Erweiterung der Funktionalität über eine Plugin-Architektur ermöglicht. Die Bibliothek deckt eine breite Palette von Interaktionsmustern ab, wie das Erfassen numerischer und sensibler Daten, das Validieren von Benutzereingaben gegen benutzerdefinierte Regeln und das Ausführen von Prompt-Sequenzen zur Erfassung komplexen Feedbacks. Sie enthält zudem Funktionen zum Sortieren von Listen, Ausfüllen von Text-Snippets und Verwalten der Terminal-Formularerfassung.
Allows capturing passwords and secret keys by masking or hiding keystrokes in the terminal.
Der OpenTelemetry Collector ist ein herstellerunabhängiger Proxy und eine Observability-Daten-Pipeline, die Traces, Metriken und Logs empfängt, verarbeitet und exportiert. Er fungiert als Telemetrie-Ingestion-Gateway und Multi-Backend-Monitoring-Agent, der verschiedene Datenformate für eine konsistente Verarbeitung in eine standardisierte interne Repräsentation übersetzt. Das Projekt zeichnet sich durch ein Plugin-basiertes Komponentenmodell aus, das die Integration benutzerdefinierter Receiver, Prozessoren und Exporter ohne Änderungen am Kern-Codebase ermöglicht. Es nutzt ein konfigurierbares Pipeline-System, in dem Telemetriedaten eine Sequenz von Komponenten durchlaufen, um geroutet, repliziert oder transformiert zu werden, bevor sie an externe Monitoring-Backends gesendet werden. Der Collector umfasst Funktionen für das Telemetrie-Traffic-Management, wie z. B. das Batching von Datenpunkten zur Durchsatzoptimierung und speicherbewusstes Load-Shedding, um Systemabstürze bei Lastspitzen zu verhindern. Er bietet zudem sichere Datenübertragung über verschlüsselte Kanäle und unterstützt dynamische Konfigurationsauflösung zur Laufzeit. Vorkonfigurierte Distributionen sind verfügbar, um den manuellen Einrichtungsaufwand für spezifische Umgebungen zu reduzieren.
Hides sensitive data fields during serialization to prevent secrets from appearing in logs or dumps.
Acra is an Android crash reporting framework and diagnostic data collector designed to detect failures and capture device diagnostics, system logs, and application state. It serves as an embeddable library for capturing and processing crash reports, providing a pipeline to send this data to custom backends or via email. The project features a plugin-based sender architecture that allows reports to be routed through HTTP endpoints, email clients, or proprietary backend implementations. It includes a user-controlled reporting system with preference toggles and interactive dialogs to manage user
Implements privacy protection by removing sensitive preference keys matching regular expressions from crash reports.
Moleculer is a Node.js microservices framework designed for building distributed systems. It functions as a distributed service broker, task orchestrator, and service mesh framework, enabling a decentralized architecture with built-in service discovery and load balancing. The project differentiates itself through a pluggable transport layer supporting protocols such as NATS, Redis, TCP, and Kafka, as well as a dedicated microservices API gateway that maps external HTTP and WebSocket requests to internal service actions. It includes built-in fault tolerance mechanisms, including circuit breake
Prevents sensitive configuration keys from being leaked to the service registry or other network nodes.
ZenML is an orchestration platform designed for building, deploying, and monitoring reproducible machine learning pipelines and agentic workflows. It provides a unified framework that manages the entire lifecycle of machine learning assets, from data processing and model training to the deployment of persistent inference services. By decoupling pipeline logic from underlying compute and storage, the platform enables teams to transition workflows seamlessly from local development environments to production-grade cloud infrastructure. The platform distinguishes itself through a service-oriented
Encrypts stored secrets at rest using custom keys and manages authentication tokens to ensure secure multi-replica deployments.
Linenoise ist eine leichtgewichtige C-Bibliothek für Terminal-Zeilenbearbeitung, Befehlshistorienverwaltung und asynchrone Eingabeverarbeitung. Sie fungiert als in sich geschlossene Alternative zur Erfassung von Benutzereingaben über die Kommandozeile, ohne externe Abhängigkeiten zu erfordern. Das Utility bietet einen nicht-blockierenden Input-Prozessor, der Tastaturdaten über einen Feed-Mechanismus verarbeitet, was es Anwendungen ermöglicht, Benutzereingaben und externe Ereignisse gleichzeitig zu verarbeiten. Es unterstützt die Implementierung benutzerdefinierter Shells und REPLs durch Funktionen wie callback-basiertes Autocompletion, Input-Hinting und einen zirkulären Historienpuffer für den Befehlsabruf. Die Bibliothek deckt eine breite Palette an Terminal-Schnittstellenfunktionen ab, einschließlich Raw-Mode-Input-Capture, sicherer Maskierung von Anmeldedaten für sensible Informationen und mehrzeiliger Bearbeitung. Sie enthält zudem grundlegende Bildschirmverwaltung und ANSI-Sequenz-Rendering für Cursor- und Display-Manipulation.
Hides characters typed by the user during sensitive data entry to prevent shoulder-surfing.
Legend-State is a reactive state management library for JavaScript applications that provides a centralized container for application data. It utilizes a fine-grained reactivity engine to track state access automatically, allowing developers to update and retrieve data without the need for boilerplate patterns like reducers, actions, or dispatchers. The library distinguishes itself through its hierarchical, path-based state addressing and proxy-based dependency tracking. By isolating state dependencies, it ensures that user interface updates are triggered only for the specific components that
Protects sensitive information using client-side encryption before storage or transmission.
Dieses Projekt ist ein strukturierter Bildungsleitfaden und Lehrplan zur Beherrschung von Infrastructure as Code (IaC). Es fungiert als Leitfaden für Cloud-Provisioning und DevOps-Schulungsmaterial und bietet eine Reihe von Lektionen und praktischen Übungen zur Bereitstellung und Verwaltung von Cloud-Ressourcen durch deklarative Konfiguration. Der Lehrplan deckt die Entwicklung wiederverwendbarer Module, die Orchestrierung mehrerer Umgebungen mittels Workspaces und die Verwaltung von Remote-State-Dateien mit Sperrmechanismen ab. Er enthält zudem Anleitungen zum Cloud-Secret-Management zur Sicherung sensibler Daten. Das Material umfasst grundlegende Infrastructure-as-Code-Funktionen, einschließlich Provider-Konfiguration, variablenbasierter Parametrisierung und der Verwendung dynamischer Logik und Funktionen für flexible Konfigurationen. Es adressiert zudem die Ressourcenbereitstellung und den Abruf externer Daten.
Instructs on protecting sensitive credentials using external secret management integrations.
RavenDB is a multi-model NoSQL document database designed for high-performance, ACID-compliant data storage. It persists structured information as schema-flexible JSON documents and utilizes a unit-of-work session pattern to track entity changes and batch modifications into atomic transactions. The platform is built on a distributed architecture that supports horizontal scaling through sharding and ensures high availability via multi-node, master-to-master cluster replication. The database distinguishes itself through a self-optimizing query engine that automatically creates and maintains ind
Protects stored data using authenticated encryption at the storage layer to ensure security if disk access occurs.
nconf is a configuration management library for Node.js that aggregates application settings from multiple sources into a single, unified store. It provides a centralized mechanism to manage parameters by merging data from command-line arguments, environment variables, and local files. The library distinguishes itself through a hierarchical provider system that enforces strict precedence rules when conflicting values are present. It supports atomic object merging to maintain consistent data structures and utilizes lazy loading to ensure that configuration sources are read only when accessed a
Secures private configuration values by encrypting sensitive information at rest and decrypting it during startup.
This is a desktop HTTP client application used for constructing, sending, and analyzing HTTP and GraphQL requests. It provides a graphical interface for API development and testing, including a dedicated GraphQL client with schema-driven autocomplete and validation. The project features an integrated AI assistant that generates API requests from natural language prompts. It supports a complex organization system of spaces and collections with hierarchical authentication inheritance and recursive variable resolution for dynamic request values. The tool covers a broad range of capabilities, in
Protects sensitive data through a combination of variable masking and local-only environment storage.
qsv is a high-performance command line toolkit for querying, transforming, and analyzing comma-separated value files. It functions as a data wrangling interface and a tabular data profiler, featuring a query engine capable of executing SQL statements and joins directly on flat files without requiring a database. The project is distinguished by its ability to process massive datasets that exceed available system memory. This is achieved through disk-based external memory processing, including multithreaded merge sorting, on-disk hash tables for deduplication, and lightweight file indexing for
Replaces sensitive column values with incremental identifiers to protect individual identity within datasets.
Audited is a Ruby on Rails audit log library and change data capture framework. It tracks model changes by recording previous and current attribute values during create, update, and destroy operations to maintain a complete history of database modifications. The system functions as a database versioning tool and user activity tracker. It allows for the retrieval of historical record states by timestamp or index, enables reverting models to previous versions, and associates record modifications with specific user identities and remote IP addresses. The library includes capabilities for sensit
Protects sensitive data by preventing specific columns and models from being recorded in the audit trail.
Octelium is a zero-trust network access platform and identity-aware proxy designed to secure private HTTP, SSH, and SQL resources. It functions as a secure gateway that validates human and workload identities using OIDC, SAML, and FIDO2 passkeys before granting access to internal applications and SaaS APIs. The system is distinguished by its secretless access broker, which injects credentials—such as API keys, passwords, and AWS Sigv4 signatures—at the gateway level so users can access databases and cloud resources without managing secrets. It further specializes in AI gateway administration,
Encapsulates passwords in dedicated secrets to prevent exposure in configuration files.
This project provides a collection of architectural guidelines and operational standards for building secure, maintainable, and scalable server-side software systems. It establishes a framework for implementing consistent development environments, system observability, and data security practices across distributed application environments. The repository focuses on standardizing software engineering conventions to ensure environment parity and system transparency. It covers the implementation of aggregated health monitoring, request throttling, and secure data handling, including the use of
Protects sensitive information through encryption, password hashing, and externalized secret management.
My-budget is a cross-platform desktop application designed for personal finance management. It functions as a local-first budgeting tool that allows users to track income and expenses while maintaining complete control over their financial data without relying on cloud services. The application distinguishes itself by integrating automated transaction ingestion, which retrieves and parses financial records directly from banking websites. To ensure privacy, all stored transaction history and budget records are protected by local encryption using user-defined passphrases, keeping sensitive info
Protects sensitive transaction history and budget records using local encryption to ensure private information remains secure.