Field-Level and Format-Preserving Encryption

ShardingSphere is a distributed SQL database middleware that provides sharding, read-write splitting, and distributed transaction management for relational databases. It functions as a layer that intercepts SQL queries to distribute data across multiple physical database instances for horizontal scaling. The project is distinguished by its ability to operate as either a standalone transparent database proxy or via direct integration as a JDBC driver. It features a SQL dialect translator that parses queries into abstract syntax trees to convert syntax between different database engines, enabli

Feathers is a database-agnostic Node.js application framework designed for building scalable backend systems. It functions as a real-time API framework that provides a server implementation for both REST endpoints and WebSocket connections. The framework decouples application logic from the underlying database technology and communication protocols. This allows a single service to handle both HTTP and Socket requests while separating business logic from the specific data persistence layer. The system organizes data operations through a standardized service-based interface and utilizes hook-b

Vault is a centralized secrets management platform designed to secure, store, and control access to sensitive credentials such as API keys, passwords, certificates, and encryption keys. At its core, the system employs a barrier-based cryptographic sealing mechanism that requires an unseal process to decrypt internal storage, ensuring that sensitive data remains protected. It provides identity-based access control to manage granular permissions across distributed infrastructure, effectively centralizing security policies and authentication for both human and machine workloads. What distinguish

Sops is a secrets encryption tool designed to encrypt and decrypt sensitive values within configuration files. It functions as a manager for secrets that integrates with cloud key vaults and PGP keys to secure data stored in version-controlled files. The tool utilizes structure-preserving encryption to encrypt individual values while keeping the overall file format and non-sensitive keys intact. It employs a KMS-backed encryption model, interfacing with external key management services from AWS, GCP, and Azure to handle cryptographic operations without exposing private keys locally. The proj

git-crypt is a transparent cryptography layer and secret manager for Git repositories. It encrypts specific files so they remain as ciphertext on remote servers while appearing as plaintext in local directories. The tool uses Git attributes to define the scope of files and directories targeted for encryption. It supports both symmetric secret key encryption for shared access and asymmetric public key encryption to control decryption permissions among multiple collaborators. The system automates the encryption and decryption process through hook-based filters that trigger during commit and ch

Tink is a multi-language cryptography library and security toolkit providing secure APIs for data encryption and digital signatures. It functions as a data encryption library and digital signature framework designed to prevent common implementation errors across different platforms and operating systems. The project serves as a cryptographic keyset manager, utilizing JSON for the storage, rotation, and serialization of keys to maintain consistency across various programming languages. It ensures identical cryptographic behavior globally by mapping language-specific libraries to a unified set

Presidio is a PII detection and anonymization framework designed to identify and mask personally identifiable information in text. It functions as a PII recognition pipeline and a data masking engine, using a combination of machine learning, regular expressions, and rule-based logic to locate sensitive entities. The system acts as an NER model orchestrator, allowing for the integration of external named entity recognition models and PII detectors to support multi-language privacy scrubbing. It employs a plugin-based recognizer architecture that can be extended with custom recognizers, deny-li

LitePal is an object-relational mapping library and SQLite database wrapper for Android applications. It replaces raw SQL queries with a fluent interface and object mapping to simplify local data persistence and database management. The project provides a specialized system for automatically synchronizing database schemas based on model definitions to handle version updates. It also includes a storage solution for securing sensitive data through configurable field-level encryption. The library covers broad data storage and synchronization capabilities, including atomic transaction support, m