26 dépôts
Practices and tools for securing stored data against unauthorized access.
Distinguishing note: Focuses on the application of security policies to backup data specifically.
Explore 26 awesome GitHub repositories matching security & cryptography · Data Security. Refine with filters or upvote what's useful.
This project is a command-line utility designed for secure, content-addressable data archiving. It functions as an encrypted backup tool that stores data as deduplicated chunks, ensuring that every piece of information is identified by a cryptographic hash to maintain integrity across all backups. By applying strong encryption and message authentication codes to both data and metadata, the software prevents unauthorized access and detects potential tampering. The tool distinguishes itself through a backend-agnostic storage abstraction that allows users to maintain repositories across diverse
Protects backup data against unauthorized access and tampering by applying strong encryption and message authentication codes.
This project is a feature-rich Go client library designed for interacting with Redis. It serves as a comprehensive interface for managing remote data stores, enabling developers to execute standard database commands, handle complex data structures, and perform asynchronous operations within Go applications. The library distinguishes itself through its support for advanced Redis capabilities, including connection pooling, pipelining, and transactional integrity. It provides specialized primitives for managing distributed clusters, including automated topology updates and request routing to sha
Protects data in transit using private networking and external secret stores during synchronization processes.
This project is a local-first task manager and time tracking tool designed to consolidate work items from multiple external project management platforms into a single, unified interface. By prioritizing local data sovereignty, it ensures that all task lists, time logs, and application states remain on the user's device, providing full functionality in offline environments while maintaining privacy. The application distinguishes itself through a focus on deep work and structured productivity rituals. It integrates distraction-free modes, configurable focus timers, and automated time tracking t
Stores all user information and activity logs on the device to prevent external tracking.
Kubescape is a Kubernetes security posture management platform designed to scan clusters, manifests, and images for misconfigurations, vulnerabilities, and compliance risks. It functions as a comprehensive security suite incorporating a compliance scanner, a container image vulnerability scanner, an admission controller for policy enforcement, and a runtime security monitor. The platform distinguishes itself through runtime-aware vulnerability filtering, which maps libraries loaded in memory to determine if vulnerabilities are actually reachable. It also integrates with AI assistants via a Mo
Synchronizes security frameworks and scan results between the local cluster and remote services.
This project provides a set of development guidelines and architectural recommendations for building iOS applications. It focuses on structuring Swift applications to decouple business logic from the user interface to improve testability and maintenance. The project covers specific implementation standards for security, such as using keychain storage for sensitive data and TLS certificate pinning for network traffic. It also defines patterns for code quality enforcement through static analysis and compiler configurations, as well as strategies for asset and localization management. The guide
Defines standards for storing passwords and authentication tokens in a secure system keychain.
OrbStack is a native macOS application that replaces Docker Desktop, providing an all-in-one environment for running Docker containers, full Linux virtual machines, and local Kubernetes clusters. It runs Linux VMs directly on the macOS hypervisor framework for near-native performance, uses VirtioFS for fast bidirectional file sharing between macOS and Linux, and leverages Rosetta for near-native x86 emulation on Apple Silicon. The system assigns predictable local domain names to containers and VMs with automatic HTTPS certificate generation, forwards ports via event-driven updates, and stores
Stores Docker registry credentials securely using the native macOS keychain for authentication.
Objection is a dynamic instrumentation framework and runtime exploration toolkit for mobile application security analysis. It provides a command-line interface to interact with the memory and state of iOS and Android applications during active execution, serving as a toolkit for runtime analysis and security testing. The project distinguishes itself by providing specialized capabilities to bypass common mobile security controls, including SSL pinning, biometric authentication, and root or jailbreak detection. It enables the extraction of sensitive credentials and data from secure storage syst
Dumps and modifies sensitive items stored within a device's secure keystore.
MJExtension is a JSON serialization library and model mapping framework used to convert data between JSON strings and structured model objects. It functions as an object data mapper that handles the encoding and decoding of complex object hierarchies for network transmission and storage. The framework is a non-intrusive data mapper that uses reflection and runtime inspection to map raw data strings to application objects. This approach allows for data transformation without requiring base class inheritance, decorators, or extensions to the underlying model classes. The system supports recurs
Provides utilities to archive and retrieve model properties for reliable data storage.
KeychainAccess is a Swift library used for storing and retrieving encrypted data within the Apple system keychain across iOS and macOS. It provides a type-safe interface for managing sensitive information and user credentials on iOS, macOS, tvOS, and watchOS. The library includes a biometric authentication interface that requires FaceID or TouchID verification with custom prompts before accessing specific secure items. It also enables the synchronization of credentials across Apple devices via a cloud keychain and provides a manager for sharing login credentials between native applications an
Provides a Swift interface for storing and retrieving encrypted credentials in the Apple system keychain.
jrnl is a command-line journaling tool used for recording dated entries and managing personal journals directly from a terminal. It functions as an encrypted plain-text journal system that protects private entries through encryption and integration with native system keychains. The project includes a calendar-based activity tracker that visualizes entry frequency and patterns using a heatmap layout. It also serves as a data utility for exporting journal entries into formats such as Markdown, JSON, YAML, and XML. The system supports multi-journal management for different life areas and provid
Integrates with native system keychains to securely store and retrieve encryption passwords.
IceCubesApp is a native iOS social networking client built with SwiftUI. It serves as an ActivityPub and Mastodon client, providing a mobile interface for interacting with decentralized servers. The application functions as a multi-account manager, allowing users to authenticate and switch between several different social media profiles within a single interface. The software includes an AI-enhanced text editor used to refine, shorten, or generate descriptive text for posts. These artificial intelligence tools assist in writing and generating alt-text for uploaded images. The platform covers
Uses the native system keychain for secure storage of authentication tokens and credentials.
Keka is a file compression and archive extraction utility designed for macOS and iOS. It functions as a tool to shrink the size of files and folders to optimize storage and speed up data transfers. The application serves as an encrypted archive manager, allowing users to protect compressed files with passwords and encryption to ensure private data sharing and secure transmission. The software covers broad capabilities in file archiving, including the ability to compress data into archival formats and unpack various archive formats to restore original content to the local system.
Restricts access to archived files using security settings to keep data confidential.
Specs is a centralized package metadata repository and distribution service for the Apple platform. It serves as a public index of library specifications, enabling the discovery, resolution, and installation of third-party frameworks for iOS and macOS projects. The project provides a podspec distribution service that hosts and validates library specifications to ensure reproducible dependency resolution. It utilizes a Git-based collection of structured specifications and a REST API to manage library publishing, ownership, and versioning. The system encompasses comprehensive capabilities for
Stores sensitive API tokens and credentials in the system keychain to keep them out of code.
TypeSpec is a language for defining cloud API shapes and generating OpenAPI, JSON Schema, and client/server code from a single source of truth. It functions as a protocol-agnostic API designer that models REST, gRPC, and other API protocols using a unified, extensible syntax, with a decorator-based metadata system for attaching metadata, validation rules, and lifecycle visibility to API models and operations. The compiler produces OpenAPI 3.0 specifications and other artifacts, and the tool supports declaring API versions and tracking changes to models, properties, and operations across releas
Copies properties between models using the spread operator for reuse without inheritance.
Uses distinct bundle IDs per build configuration and consistent signing to avoid repeated Keychain access requests for license storage.
Webmin is a web-based administration interface for Unix systems. It provides a centralized console for managing the full range of server administration tasks — users and groups, software packages, storage, network configuration, system services, and security — all through a browser. Its modular architecture allows separate modules to handle databases (MySQL, MariaDB, PostgreSQL), web servers (Apache), DNS (BIND), email (Sendmail, Dovecot), file sharing (Samba, NFS), and more, with a unified access control system that restricts what each administrator can see and do. What sets Webmin apart is
Shares blocked and allowed IP lists among a group of servers to maintain consistent security policies.
SAMKeychain est un gestionnaire de trousseau Objective-C fournissant une interface programmatique pour créer, lire et supprimer des identifiants sécurisés stockés dans le trousseau système macOS et iOS. Il sert de wrapper léger pour gérer les mots de passe et les données sensibles sur les plateformes Apple. Le projet fournit une API unifiée qui abstrait les différences d'implémentation entre macOS et iOS. Il enveloppe les API C de bas niveau dans des classes Objective-C pour fournir une interface orientée objet pour interagir avec le démon de sécurité système. La bibliothèque couvre le stockage sécurisé des identifiants et le contrôle d'accès, incluant la capacité de stocker, récupérer et supprimer des mots de passe de compte et des jetons d'authentification dans un stockage persistant chiffré.
Implements direct integration with the system security daemon for encrypted persistent storage of sensitive data.
Knuff est un outil de débogage de bureau conçu pour tester les charges utiles (payloads) du service Apple Push Notification. Il permet la livraison de charges utiles JSON personnalisées vers des appareils mobiles pour vérifier que les notifications sont reçues correctement. L'application s'intègre au trousseau système (keychain) pour gérer les certificats de sécurité et les clés privées pour la signature des requêtes. Elle inclut également un utilitaire pour exporter ces identités de sécurité depuis le trousseau vers des formats de fichiers portables pour une utilisation avec d'autres outils de développement. L'outil fournit des mécanismes pour la récupération automatique de jetons d'appareil et un gestionnaire de charges utiles pour enregistrer et réutiliser les jetons d'appareil et les configurations JSON. Cela permet la persistance de données de notification spécifiques pour garantir des scénarios de test reproductibles.
Exports security identities from the system keychain into files for use with external push tools.
Franz est un agrégateur de messagerie multi-services et un espace de travail de communication unifié. Il combine plusieurs services de chat, d'e-mail et de calendrier dans une interface de bureau unique pour éliminer le besoin de basculer entre des applications disparates. Le projet se distingue par un wrapper de navigateur axé sur la confidentialité qui bloque les trackers tiers et le fingerprinting tout en utilisant le chiffrement système natif pour le stockage des identifiants. Il intègre un résumé de conversation par IA qui peut s'exécuter localement ou via un hébergement cloud pour condenser les messages manqués et rédiger des réponses contextuelles. L'application offre une gestion de session étendue pour plusieurs comptes simultanés et organise les outils dans des espaces de travail axés sur la concentration. Elle inclut des capacités de tri des communications, telles que la transformation de messages en tâches, l'agrégation de vues de calendrier et la centralisation de l'accès aux fichiers sur les services intégrés. Les utilisateurs peuvent étendre la plateforme via des plugins de service personnalisés et gérer les mises en page avec des fenêtres de service détachables ou côte à côte.
Secures authentication tokens and passwords using the operating system's native encrypted keychain storage.
This project is a collection of command-line tools and scripts designed to query system keychains and recover plaintext passwords for specific wireless network identifiers. It functions as a wireless network credential extractor that retrieves saved security keys for the current or specified service set identifier. The utility specifically includes a macOS keychain access tool and a Bash-based retriever to extract security keys from the system security store. It uses platform-specific terminal commands and regular expression parsing to isolate plaintext passwords from verbose system diagnosti
Extracts plaintext passwords and security keys from the system-level secure enclave.