52 dépôts
Security features that mask or redact sensitive environment variables from logs and console output.
Distinguishing note: Focuses on security and data protection rather than general environment configuration.
Explore 52 awesome GitHub repositories matching security & cryptography · Sensitive Variable Redaction. Refine with filters or upvote what's useful.
Mise is a development environment orchestrator that manages software runtimes, environment variables, and task execution. It functions as a version manager and task runner, providing a unified interface to synchronize project-specific configurations and dependencies across different machines. By automating the installation and switching of tools, it ensures that development environments remain consistent and reproducible. The project distinguishes itself through a hierarchical configuration system that automatically discovers settings by traversing the directory tree. It uses shim-based comma
Protects sensitive information by masking private environment variables in logs and output.
Renovate is a GitOps-driven dependency management engine designed to automate the maintenance of software projects. It functions as an automated update tool that scans repository files to identify outdated dependencies, fetches the latest compatible versions from external sources, and generates pull requests to apply those updates. By integrating directly with code hosting platforms, it synchronizes project dependencies through declarative configuration files, ensuring that software components remain current and secure. The project distinguishes itself through its platform-agnostic architectu
Automatically masks sensitive credentials and tokens from log output to prevent accidental exposure during automated operations.
Letta is a framework for building, deploying, and managing autonomous AI agents that maintain persistent state across long-term interactions. It provides a comprehensive suite of primitives for defining agents with configurable personas, modular memory blocks, and tool-use capabilities, enabling them to retain user preferences and conversation history over extended sessions. The platform distinguishes itself through its advanced memory management and orchestration capabilities. It allows agents to autonomously update their own memory, perform retrieval-augmented generation, and coordinate com
Redacts sensitive credentials from agent logs and command history while injecting them at runtime.
Hurl is a command line HTTP testing tool and REST API test runner that uses a declarative, plain-text format to specify HTTP requests and responses. It functions as a client for continuous integration pipelines, allowing users to describe request sequences without a full programming language. The tool distinguishes itself by sequencing HTTP calls and verifying responses through matchers and variable capture. It maintains a stateful variable store, enabling data extracted from one response to influence subsequent requests within a workflow. The system covers API integration testing and REST w
Includes security features to mask secrets and private variables in output logs.
Gensim is a natural language processing toolkit designed for large-scale text analysis and the training of semantic vector embeddings. It provides a framework for identifying latent thematic structures within document collections and calculating semantic similarity between text segments using unsupervised statistical algorithms. The project is distinguished by its ability to handle datasets that exceed available system memory through incremental corpus streaming, which processes documents one at a time from disk. It utilizes sparse vector representations and dictionary-based token mapping to
Redacts or masks sensitive data in place across various file formats to ensure compliance.
Instructor is a framework designed for structured data extraction, validation, and language model integration. It functions as a library that transforms unstructured text into validated, type-safe objects by leveraging schema definitions and model-specific tool-calling capabilities. By acting as a validation middleware, the project ensures that language model outputs strictly conform to defined data structures. The library distinguishes itself through a robust validation-based retry loop that automatically re-submits failed responses with error feedback to iteratively correct schema complianc
Uses specialized data types to prevent sensitive values from appearing in logs while remaining available for processing.
The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane. The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It
Audits and masks sensitive information within log streams using configurable policies to ensure data privacy and compliance.
Encore is a distributed systems framework designed to unify backend development, infrastructure provisioning, and observability. It functions as an infrastructure-as-code platform that allows developers to define cloud resources, databases, and messaging topics directly within their application code. By analyzing these declarations at compile-time, the system automatically manages the deployment of cloud resources and security policies, ensuring parity between local development and production environments. The platform distinguishes itself through its integrated development experience, which
Filters sensitive information from logs to ensure security and data privacy.
Home Assistant is a local home automation platform and server that acts as an IoT device orchestrator. It integrates diverse smart home hardware by wrapping third-party APIs into a standardized logic layer and stores all system state and historical statistics on local hardware to eliminate cloud dependencies. The system functions as a Matter IoT controller and an MQTT home automation bridge, allowing for local interoperability between different manufacturers. It features a state-based entity model and an internal event bus that decouple physical device logic from system automation. The platf
Home Assistant centralizes passwords and API keys in a dedicated secrets file to prevent exposure.
Cog is a machine learning packaging tool and containerized model wrapper that bundles models and their dependencies into standardized Docker containers. It functions as an environment manager and inference server, ensuring consistent model execution across different hardware systems by resolving GPU drivers, system libraries, and Python dependencies. The project distinguishes itself by automatically generating RESTful HTTP servers and OpenAPI schemas based on defined model input and output types. It manages large model weights as external fixtures to optimize image size and utilizes a slot-ba
Provides automatic redaction of sensitive API tokens and credentials from logs to prevent accidental disclosure.
Signale est une bibliothèque de journalisation console formatée pour les applications Node.js. Elle sert de framework de journalisation enfichable et de routeur de logs basé sur des flux qui permet aux utilisateurs d'enregistrer des événements système en utilisant des niveaux, des couleurs et des styles de sortie personnalisables. Le projet se distingue comme un logger console interactif capable d'écraser les messages précédents pour réduire l'encombrement du terminal lors de tâches de longue durée. Il fonctionne également comme un moniteur de performance d'application, fournissant des outils pour mesurer et suivre le temps d'exécution entre des points de code spécifiques afin d'identifier les goulots d'étranglement de performance. La bibliothèque couvre un large éventail de capacités incluant la personnalisation de la sortie console via des loggers personnalisés et une journalisation par portée, ainsi que des fonctionnalités de sécurité pour masquer les informations sensibles des flux de logs. Les utilisateurs peuvent étendre la logique de journalisation via des plugins et router les données de log vers plusieurs destinations inscriptibles simultanément.
Implements interceptors to mask or redact sensitive data and credentials from log outputs.
Kreuzberg is a document extraction engine that converts PDFs, Office files, images, and over 90 other formats into clean, structured text and metadata. It is built around a compiled Rust core that can be used as a native library, a command-line tool, a REST API server, or a WebAssembly module for browser-based processing. The system is designed to run entirely on self-hosted infrastructure, with no data leaving the user's environment. What distinguishes Kreuzberg is its breadth of integration surfaces and its pipeline architecture. It exposes extraction capabilities through native bindings fo
Rewrites textual fields in extraction results by removing or masking patterns and NER-detected entities.
Unredacter est un reconstructeur de texte par vision par ordinateur et un utilitaire de criminalistique d'image conçu pour récupérer des caractères cachés à partir d'images pixélisées. Il fonctionne comme un outil pour inverser la pixellisation afin d'identifier le texte au sein de blocs visuels obscurcis. Le système utilise un processus de comparaison de blocs d'images pixélisés avec des caractères candidats rendus qui correspondent aux styles typographiques du texte cible. Cela permet la reconstruction d'informations obscurcies par une analyse visuelle automatisée. Le projet couvre des capacités pour l'analyse forensique numérique, les tests de rédaction d'images et l'évaluation des fuites d'informations afin de vérifier l'efficacité des techniques de masquage basées sur l'image.
Verifies if pixelation techniques effectively hide sensitive information or if the data can be recovered by attackers.
Enquirer est une bibliothèque Node.js pour créer des interfaces en ligne de commande interactives afin de recueillir des entrées utilisateur structurées. Elle fournit un ensemble d'invites de terminal, y compris des menus, des formulaires et des champs de texte, pour collecter des données via l'autocomplétion, la sélection multiple et les confirmations booléennes. Le projet sert de framework personnalisable qui permet la création de types d'invites personnalisés via une classe de base et l'extension des fonctionnalités via une architecture de plugins. La bibliothèque couvre un large éventail de modèles d'interaction, tels que la capture de données numériques et sensibles, la validation des entrées utilisateur par rapport à des règles personnalisées, et l'exécution de séquences d'invites pour recueillir des retours complexes. Elle inclut également des capacités pour trier des listes, remplir des extraits de texte et gérer la collecte de formulaires dans le terminal.
Allows capturing passwords and secret keys by masking or hiding keystrokes in the terminal.
Elsa Core is a workflow engine framework designed for defining, executing, and managing long-running business processes. It functions as a distributed workflow orchestrator and event-driven trigger system, capable of operating as a multi-tenant platform with secure data isolation. The project distinguishes itself through a flexible approach to workflow definitions, supporting a visual drag-and-drop designer, programmatic C# definitions, and portable JSON specifications. It provides a highly extensible architecture allowing for the development of custom activities and the use of a dynamic expr
Protects sensitive workflow variables by marking them as secrets to prevent logging or display.
L'OpenTelemetry Collector est un proxy agnostique et un pipeline de données d'observabilité qui reçoit, traite et exporte des traces, des métriques et des logs. Il fonctionne comme une passerelle d'ingestion de télémétrie et un agent de surveillance multi-backend, traduisant divers formats de données en une représentation interne standardisée pour un traitement cohérent. Le projet se distingue par un modèle de composants basé sur des plugins, permettant l'intégration de récepteurs, processeurs et exportateurs personnalisés sans modifier la base de code principale. Il utilise un système de pipeline configurable où la télémétrie circule à travers une séquence de composants pour être routée, répliquée ou transformée avant d'être envoyée vers des backends de surveillance externes. Le collecteur inclut des capacités de gestion du trafic de télémétrie, telles que le traitement par lots des points de données pour optimiser le débit et l'implémentation d'une limitation de charge consciente de la mémoire pour éviter les plantages système lors des pics de volume. Il fournit également une transmission de données sécurisée via des canaux chiffrés et prend en charge la résolution de configuration dynamique pour mettre à jour les paramètres à l'exécution. Des distributions pré-configurées sont disponibles pour réduire la configuration manuelle pour des environnements spécifiques.
Hides sensitive data fields during serialization to prevent secrets from appearing in logs or dumps.
Acra is an Android crash reporting framework and diagnostic data collector designed to detect failures and capture device diagnostics, system logs, and application state. It serves as an embeddable library for capturing and processing crash reports, providing a pipeline to send this data to custom backends or via email. The project features a plugin-based sender architecture that allows reports to be routed through HTTP endpoints, email clients, or proprietary backend implementations. It includes a user-controlled reporting system with preference toggles and interactive dialogs to manage user
Implements privacy protection by removing sensitive preference keys matching regular expressions from crash reports.
Moleculer is a Node.js microservices framework designed for building distributed systems. It functions as a distributed service broker, task orchestrator, and service mesh framework, enabling a decentralized architecture with built-in service discovery and load balancing. The project differentiates itself through a pluggable transport layer supporting protocols such as NATS, Redis, TCP, and Kafka, as well as a dedicated microservices API gateway that maps external HTTP and WebSocket requests to internal service actions. It includes built-in fault tolerance mechanisms, including circuit breake
Prevents sensitive configuration keys from being leaked to the service registry or other network nodes.
Ce projet est un journal de transparence public des avis de retrait pour droit d'auteur et des contre-avis. Il fonctionne comme un registre de droit d'auteur expurgé, maintenant un enregistrement chronologique des demandes d'application de la loi reçues par une plateforme d'hébergement. L'archive utilise un modèle de données en fichiers plats, stockant les avis sous forme de fichiers texte brut au sein d'une hiérarchie de répertoires. Un système de contrôle de version distribué fournit une piste d'audit permanente et un historique des versions pour tous les avis juridiques archivés. Le système se concentre sur la surveillance des droits numériques et la transparence de l'application du droit d'auteur en supprimant les informations personnellement identifiables des avis avant publication. Ces enregistrements expurgés sont organisés par date pour faciliter la navigation chronologique et l'inspection publique de la gestion des avis juridiques.
Removes personally identifiable information from legal notices before publication to protect privacy.
Libation is a comprehensive audiobook management system designed to download, decrypt, and organize Audible audiobooks. It integrates account authentication, library synchronization, DRM removal, and format transcoding into a single desktop application with a plugin-free graphical interface and a built-in theme editor. The project distinguishes itself through a batch library synchronization engine that scans all configured Audible accounts in one pass, a metadata tag rewriting system that corrects chapter markers and cover art after decryption, and a template-based file naming engine that con
Detects downloaded books by their Audible ID within a user-defined directory structure.