31 repositorios
Tools and utilities for encrypting files and directory structures at rest to ensure data privacy.
Distinguishing note: Focuses specifically on file-system level encryption for storage backends rather than general-purpose network or application-layer cryptography.
Explore 31 awesome GitHub repositories matching security & cryptography · Storage Encryption. Refine with filters or upvote what's useful.
rclone is a command-line utility and sync engine for managing, synchronizing, and migrating files across numerous cloud storage providers. It functions as a storage management tool that enables bidirectional or one-way synchronization between local filesystems and remote cloud backends. The project acts as a unified cloud storage gateway, capable of merging multiple remote providers into a single directory tree. It further provides a filesystem mount to expose remote cloud storage as a local disk for direct operating system access and a transparent encryption wrapper to secure data before it
Applies transparent encryption to files before they are uploaded to remote storage providers.
Alist is a unified cloud storage gateway that aggregates disparate remote storage providers into a single, navigable virtual file system. By acting as a remote file system proxy, it decouples file operations from specific provider implementations, allowing users to browse, download, and manage files across heterogeneous backends through a standardized interface. The platform utilizes a driver-based storage abstraction that translates generic file system operations into provider-specific API calls. This architecture supports a wide range of cloud storage services, S3-compatible object storage,
Obfuscate files and directory names within a storage backend to protect data privacy by using a password and salt for secure encryption of remote paths.
This project is a build orchestration engine and development toolkit designed for managing large-scale monorepos. It provides a unified workspace environment that maps project relationships and dependencies, enabling the system to perform intelligent impact analysis and execute only the tasks affected by specific code changes. The system distinguishes itself through a persistent daemon that monitors file changes for near-instant feedback and a content-addressable caching mechanism that stores task outputs to prevent redundant computation across local and remote environments. It further suppor
Encrypts task outputs locally before transmission to remote caches to ensure data privacy.
This project is a reactive, offline-first NoSQL database engine designed for JavaScript applications. It provides a robust framework for managing application state by synchronizing data across browsers, mobile devices, and server-side runtimes. By treating local storage as the primary source of truth, it enables applications to remain functional without network connectivity, automatically reconciling changes with remote backends once a connection is restored. The database distinguishes itself through a modular architecture that supports cross-environment synchronization and high-performance d
Protects sensitive information by securing stored data at rest to ensure user privacy and confidentiality.
This project is a comprehensive security hardening and privacy management guide for macOS. It provides a set of instructions and checklists for reducing the system attack surface through manual configuration, policy enforcement, and a layered defense strategy. The guide emphasizes a system auditing framework, using binary analysis, system logs, and packet inspection to verify that security controls and application sandboxing are functioning as intended. It offers tool-agnostic recommendations, defining security goals while allowing users to select their own third-party software for implementa
Instructs on requiring passwords for disk access to protect the boot process and secure stored data.
This project provides a comprehensive, modular framework for auditing and hardening personal digital and physical security. It functions as a structured, platform-agnostic knowledge base that breaks down complex security standards into granular, actionable tasks. By utilizing a static documentation architecture, the project ensures that its guidance remains accessible and transparent, allowing users to track their security posture incrementally through a persistent, manual progress-tracking system. The project distinguishes itself by bridging the gap between digital cybersecurity and physical
Protects data at rest using hardware-based encryption modules or software-defined volumes that remain inaccessible without credentials.
NATS Server is a high-performance, lightweight messaging system designed for cloud-native applications, edge computing, and distributed microservices. It functions as a distributed publish-subscribe broker that routes messages using hierarchical, dot-separated subject strings, enabling decoupled communication between services without requiring centralized broker lookups. The system supports core messaging patterns including asynchronous publish-subscribe, request-reply, and load-balanced queue processing. The platform distinguishes itself through a decentralized architecture that eliminates t
Protects persistent message data by applying encryption to ensure information remains secure even if the underlying storage is compromised.
This project is a command-line utility designed to manage database schema versioning and automate incremental schema updates. It functions as a version control system for database structures, ensuring consistency across environments by tracking applied migrations in a dedicated metadata table and executing scripts in a sequential, reliable manner. The tool distinguishes itself through a driver-based abstraction layer that supports a wide range of database engines, including various SQL and distributed cloud databases. It provides robust concurrency control through advisory locking, which prev
Supports securing database storage by applying encryption to underlying files at rest.
This project is a local-first task manager and time tracking tool designed to consolidate work items from multiple external project management platforms into a single, unified interface. By prioritizing local data sovereignty, it ensures that all task lists, time logs, and application states remain on the user's device, providing full functionality in offline environments while maintaining privacy. The application distinguishes itself through a focus on deep work and structured productivity rituals. It integrates distraction-free modes, configurable focus timers, and automated time tracking t
Applies local encryption to data before synchronization to ensure privacy and security on external storage providers.
Transfer.sh is a self-hosted file storage server designed for rapid data sharing through a command-line interface. It functions as an encrypted hosting platform that allows users to upload and download files using standard HTTP requests, facilitating direct data transfer between systems without the need for external accounts or complex configurations. The service distinguishes itself by processing data as continuous streams, which minimizes memory usage during large transfers. It provides granular control over file availability through automated lifecycle management, allowing administrators t
Protects sensitive data at rest and in transit using client-side or server-side encryption.
Cryptomator is a client-side cloud encryption tool and cross-platform vault manager. It provides a transparent encryption layer that encrypts files and folder structures locally before they are uploaded to a cloud storage provider. The software creates virtual encrypted drives that mount encrypted vaults, allowing users to interact with their data as if it were on a physical disk. It supports the management of multiple independent encrypted containers, each protected by a unique password. The project covers data privacy through directory structure obfuscation and filename encryption to hide
Encrypts files and directories locally before uploading them to cloud services to ensure privacy.
Seafile is a self-hosted file synchronization and sharing platform that provides a central server for maintaining file consistency across multiple devices. It functions as a cloud storage management system and a collaborative document suite, integrating tools for real-time teamwork and shared file management. The platform distinguishes itself through a metadata-driven file organizer that uses extensible properties and hierarchical tags instead of traditional folder structures. It includes client-side encrypted storage to protect private data using user-defined passwords before files leave the
Secures private data using client-side encryption and passwords before files are transmitted to the server.
JuiceFS is a distributed file system designed to mount object storage as a local, POSIX-compliant drive. It functions as a cloud-native persistent storage layer that decouples file metadata from raw data, storing metadata in a transactional database while keeping data blocks in object storage. This architecture enables multiple hosts across different regions to access the same storage simultaneously while maintaining strong consistency. The system distinguishes itself by performing data processing, including compression and encryption, directly on the client side before transmission. By split
Splits files into encrypted segments stored in object storage to ensure data privacy.
TheZoo is a centralized repository and management system designed for the storage, organization, and retrieval of live malicious software samples. It provides a structured environment for security researchers and educators to access, track, and analyze dangerous code for the purpose of threat intelligence and defense development. The system utilizes a command-line interface to manage the lifecycle of malware samples, including the preparation of new submissions and the querying of a centralized database. To ensure safety and authenticity, the platform stores binaries in password-protected, en
Secures dangerous software samples in encrypted environments to prevent accidental execution while maintaining research availability.
greenDAO is an object-relational mapping library for Android that maps Java objects to SQLite databases. It provides infrastructure for high-performance data persistence by translating data objects into database records and vice versa. The library implements a type-safe query builder for retrieving records across multiple entities using joins and relationship chaining. It also includes a security layer that provides full-disk encryption for the SQLite database to prevent unauthorized access to stored information. The system utilizes compile-time code generation to create mapping classes, avo
Applies full encryption to the stored SQLite database file to prevent unauthorized access.
WCDB is a cross-platform storage layer and embedded database engine that serves as a framework for SQLite. It functions as an object relational mapper, linking application classes to database tables to enable data operations via objects rather than raw queries. The project is distinguished by an integrated encryption layer for securing data at rest and a full-text search engine that uses language-specific tokenizers for text lookups. It also features transparent field compression to reduce storage footprints and a connection-pooling model to coordinate simultaneous read and write operations a
Provides an integrated encryption layer that secures the database file at rest to prevent unauthorized access.
VeraCrypt is a cross-platform disk encryption utility used to create encrypted file containers and secure entire disk partitions. It functions as a tool for full disk encryption and a manager for encrypted volumes, providing a means to protect sensitive data on local disks and removable media across multiple operating systems. The software is distinguished by its support for plausible deniability, allowing the creation of hidden volumes nested within other encrypted volumes to conceal the existence of data. It also implements hardware-based access control, requiring physical security tokens,
Transforms legacy encrypted containers and partitions into modern formats while preserving access to existing data.
react-native-mmkv is a synchronous mobile persistence system that provides an encrypted key-value store for mobile applications. It serves as a high-performance wrapper for the MMKV storage engine, eliminating asynchronous overhead by reading and writing values directly to disk. The project distinguishes itself through shared app group storage, which allows data access across multiple application extensions via a shared filesystem directory. It also provides state-synced storage hooks that automatically trigger component updates when stored key-value pairs change. The system covers a broad r
Points the storage engine to a shared filesystem directory to enable data access across multiple application extensions.
Solid is a protocol and ecosystem for decentralized web applications that separates application logic from data storage. It enables users to store and control their personal information in personal online data stores, known as Pods, ensuring that individuals own their data rather than the applications they use. The project provides a framework for decentralized identity and authentication using WebID and OpenID Connect, decoupling identity from central providers. It implements a resource-level permission system via Web Access Control, allowing users to grant or deny read, write, and append ac
Implements encrypted storage for sensitive data within a Pod to ensure privacy at rest.
Paperless is a self-hosted document management system designed to digitize, index, and archive paper documents. It functions as an optical character recognition system that converts scanned images and PDFs into a searchable digital library, providing a web-based interface for querying and retrieving documents from a database. The system features an automated file ingestion pipeline that monitors specific directories and email inboxes to process and import documents without manual uploading. To maintain a private archive, it includes on-disk encryption for sensitive files and the ability to or
Provides on-disk encryption for sensitive documents and performs decryption during user downloads.