30 open-source projects similar to lfit/itpol, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Itpol alternative.
Kanidm is a centralized identity management server designed to handle authentication, authorization, and directory services across distributed infrastructure. It provides a comprehensive framework for managing human and service accounts, utilizing a schema-driven database to store identity records, group memberships, and system attributes. The platform supports a wide range of authentication methods, including passkeys, passwords, and standard protocols like OAuth2, OIDC, LDAP, and RADIUS. The system distinguishes itself through a granular access control engine that enforces security policies
This project is a comprehensive hardware security guide for using YubiKey tokens to manage encryption, digital signatures, and secure authentication. It provides technical instructions for configuring hardware security modules to handle digital identity and cryptographic materials. The documentation focuses on the implementation of OpenPGP and SSH workflows, specifically covering the creation of master key hierarchies, the rotation of subkeys, and the use of hardware-backed keys for secure shell connections. It also details methods for verifying code authorship through signed Git commits and
Azure Docs is the official technical documentation repository for Microsoft Azure, the cloud computing platform. It provides comprehensive guidance on the full spectrum of Azure services, covering everything from core infrastructure components like virtual machines, Kubernetes clusters, and serverless computing to platform services for AI, machine learning, data analytics, and storage. The documentation details how to provision, manage, and govern cloud resources at scale, including policy enforcement, identity management, and cost optimization. The documentation distinguishes Azure through i
This project is a curated directory and catalog of privacy-respecting software and security-focused services. It serves as a structured resource for finding alternatives to corporate services, focusing on tools that prioritize data sovereignty, end-to-end encryption, and user anonymity. The directory is maintained as a markdown-based resource list and rendered via a static site generator. It further extends its utility through a CORS-enabled public API and a JSON-based data schema, allowing the curated catalog of tools and providers to be retrieved programmatically. The collection covers a w
This project is a comprehensive educational resource and curriculum focused on site reliability engineering, distributed systems, and infrastructure operations. It provides technical guides, a systems engineering course, and instructional manuals designed to teach the principles of managing large-scale computing environments. The curriculum covers high-level architectural design for scalability and resilience, including fault-tolerant infrastructure, high-availability patterns, and microservices decomposition. It emphasizes the practical application of site reliability engineering through the
Stellar Core is the primary software implementation of the Stellar blockchain network, serving as a distributed ledger and a Federated Byzantine Agreement system. It functions as a core node that maintains the shared state of the network and provides a runtime environment for executing WebAssembly smart contracts. The project enables the creation and management of digital assets, including the implementation of decentralized exchanges through distributed orderbooks and automated liquidity pools. It facilitates cross-border payment settlement by routing assets via path payments and bridging di
phpseclib is a pure-PHP cryptographic library that provides a comprehensive suite of cryptographic operations entirely without requiring compiled C extensions. At its core, it implements arbitrary-precision integer arithmetic for big-number math, ASN.1 DER encoding and decoding for working with cryptographic data structures, and a full set of pure-PHP cryptographic primitives. The library is designed to operate on PHP 5.6 and above, automatically detecting and using native extensions like GMP or BCMath when available, but falling back to its own pure-PHP implementations when they are not. The
Keys is a library and command-line utility designed for the generation, storage, and lifecycle management of cryptographic keys. It provides tools to create asymmetric key pairs, perform digital signature verification, and implement authenticated encryption to ensure the confidentiality and integrity of sensitive data. The project distinguishes itself by offering a secure storage abstraction that decouples application logic from underlying key storage mechanisms. By utilizing standardized cryptographic protocols, it enables consistent identity verification and data protection across diverse c
Secretive is an SSH key manager that utilizes hardware-backed security modules to generate and store non-exportable private keys. It integrates with secure enclaves to ensure that sensitive cryptographic material remains within the hardware and cannot be exported from the device. The system implements a biometric authentication workflow, requiring fingerprint or wearable verification before a private key is released for signing operations. It also provides the ability to bridge signing requests to external hardware tokens for systems that lack a built-in secure enclave. The project includes
Nomad is a distributed workload orchestrator and infrastructure automation platform designed to manage the lifecycle of applications across large-scale, heterogeneous environments. It functions as a multi-cloud orchestration engine, providing a unified control plane to deploy, scale, and govern containers, virtual machines, and legacy applications. By utilizing declarative job specifications, the system ensures infrastructure convergence and maintains the desired state across distributed data centers and geographic regions. The platform distinguishes itself through a flexible, plugin-based ar
Blackbox is a GPG secret management tool and asymmetric encryption wrapper used to securely store and share sensitive files within version control systems like Git, Mercurial, or Subversion. It functions as a version control secret store that encrypts files for safe storage at rest while allowing authorized users and machines to decrypt them. The system distinguishes itself by integrating directly with version control to provide plaintext diff and log visualization of encrypted files. It supports multi-recipient encryption and automated secret decryption via passphrase-less GPG subkeys, enabl
git-secret is a command-line tool and Bash encryption utility used to manage sensitive configuration files and passwords within Git repositories. It enables version-controlled secret storage by encrypting files with GPG public keys, ensuring that sensitive data can be committed to a repository without exposing plaintext. The tool utilizes a PGP encryption workflow to control access through a managed keyring of authorized public keys. This allows for the granting and revocation of decryption permissions for specific users. To prevent accidental data leaks, it automatically integrates with Git
This project is an OpenPGP cryptography library designed for encrypting, decrypting, and signing messages according to the OpenPGP standard for secure communication. It functions as an asymmetric encryption toolkit for securing data and managing digital identities through cryptographic operations. The library provides a cryptographic key manager to create and handle the public and private key pairs required for identity operations. It includes a digital signature implementation to ensure message authenticity and data integrity. The system covers a broad range of capabilities, including asymm
This project is an Android password manager application that provides an end-to-end encrypted vault for storing and synchronizing login credentials, secure notes, and identities. It functions as a secure storage system using zero-knowledge encryption to ensure that only the user can decrypt their stored data. The application integrates directly with the Android system to provide an autofill service that populates usernames and passwords into mobile apps and browser login fields. It also serves as a passkey management wallet for FIDO2 cryptographic passkeys and a time-based one-time password a
This project serves as a comprehensive technical reference and educational platform for the Ethereum ecosystem. It provides a deep dive into the fundamental architecture of decentralized ledger systems, covering the core mechanisms that enable trustless state transitions, cryptographic security, and network consensus. The documentation distinguishes itself by bridging high-level conceptual frameworks with practical implementation details. It details the lifecycle of smart contract development, from source code compilation and bytecode analysis to deployment and interaction patterns. Furthermo
Lunar is a modular PHP e-commerce framework and headless commerce engine designed to manage the backend logic and data models of an online store. It provides a decoupled infrastructure that separates business logic from the presentation layer, allowing for the orchestration of digital storefronts via an API. The system is distinguished by its headless-first approach and a dedicated toolkit for building customized administration interfaces using pre-made components and widgets. It supports complex global operations through a multilingual commerce system that handles regional storefront configu
BaoTa is a web-based Linux server control panel and system administration dashboard designed for managing hosting environments and system resources. It provides a graphical interface to translate administrative actions into system-level configurations, allowing users to manage Linux servers and web hosting stacks without relying solely on the command line. The platform distinguishes itself through AI-driven server operations, utilizing artificial intelligence for performance analysis and the execution of maintenance tasks via natural language commands. It supports multi-node orchestration, en
This project is a comprehensive, curated directory of static analysis, linting, and security scanning utilities. It serves as a central resource for developers to discover, compare, and select tools based on specific programming languages, licensing models, and integration requirements. The directory distinguishes itself by providing deep metadata for each listed utility, including community-driven popularity rankings, maintenance status, and deployment methods. By aggregating these tools into a single searchable index, it enables teams to identify solutions for enforcing coding standards, ma
Dootask is an open-source project management tool and self-hosted task orchestrator designed for task distribution, project tracking, and document management. It functions as a collaborative platform that integrates team communication and workflow organization within a single workspace. The platform includes a collaborative document suite for creating shared documents, mind maps, and flowcharts. It also operates as an encrypted team communication platform, utilizing asymmetric encryption to secure internal conversations and data exchange. The system covers broader capabilities in identity ma
Flux is a Kubernetes GitOps controller and deployment engine that synchronizes cluster state with configurations stored in a Git repository. It serves as a system for continuous delivery, utilizing a manifest generator to create configuration files from templates and a reconciliation loop to ensure the live environment matches the desired state defined in versioned repositories. The project distinguishes itself through a container image automator that scans registries and updates manifests based on semantic versioning or regular expressions. It incorporates secure configuration deployment via
Linsa.io is an end-to-end encrypted cloud storage service and zero-knowledge data vault. It functions as a private content sharing platform that encrypts files and data on the client side, ensuring only the owner can access the stored content. The project employs a local-first approach, processing data updates and encryption on the local device before syncing encrypted blobs to a remote persistence layer. It uses a zero-knowledge architecture where the service provider cannot access decryption keys or view the plaintext content of stored files. The platform provides capabilities for private
This project is a comprehensive guide to Git version control standards and best practices. It provides a set of instructions for writing professional commit messages and managing repository history to ensure project maintainability. The documentation covers the standardization of commit messages through specific rules for mood, capitalization, and structural separation of subjects and bodies. It also includes guidelines for composing pull request summaries and cover letters to provide maintainers with necessary technical context and logic. The guide extends to repository security and history
Ungit is a web-based graphical interface and version control client for managing Git repositories. It provides a visual dashboard for performing version control operations, staging changes, and committing files without using a terminal. The project integrates third-party merge utilities to resolve file conflicts and includes a system for signing and verifying the authenticity of code contributions using PGP encryption keys. The interface maintains synchronization with the local filesystem by monitoring directory changes in real time to update the repository state. It interfaces with the unde
JumpServer is a privileged access management platform designed to manage and audit secure access to SSH, RDP, Kubernetes, and database endpoints. It functions as a centralized gateway that brokers remote terminal and graphical sessions to isolate users from critical infrastructure. The system utilizes a web-based protocol gateway to translate remote connections into browser-compatible streams and a protocol-based proxy layer to isolate end-user devices from target assets. It incorporates security watermarking to deter unauthorized screen captures and provides a Kubernetes access gateway for c
VeraCrypt is a cross-platform disk encryption utility used to create encrypted file containers and secure entire disk partitions. It functions as a tool for full disk encryption and a manager for encrypted volumes, providing a means to protect sensitive data on local disks and removable media across multiple operating systems. The software is distinguished by its support for plausible deniability, allowing the creation of hidden volumes nested within other encrypted volumes to conceal the existence of data. It also implements hardware-based access control, requiring physical security tokens,
Flux is a Kubernetes GitOps delivery tool used to automate application deployments by synchronizing cluster state with configurations stored in Git, OCI, or Helm repositories. It functions as a set of controllers that monitor desired state in external sources and continuously reconcile the live cluster to match those definitions. The system distinguishes itself through a multi-cluster management plane that coordinates application delivery across fleets of remote clusters from a central hub. It provides a dedicated mechanism for automated image updates, which scans container registries for new
This project provides a shell-based automation utility for deploying and managing OpenVPN servers on Linux hosts. It functions as an orchestration tool that handles the installation of networking software, the configuration of system-level routing rules, and the generation of cryptographic credentials required to establish secure, encrypted tunnels for remote network access. The tool distinguishes itself by automating the entire lifecycle of a private network gateway, including the management of peer identities and the distribution of standardized configuration profiles. It simplifies the set
MacPass is a native macOS password manager and encrypted database client designed to manage credentials using the KeePass standard. It serves as a secure credential vault for storing usernames and passwords within a hierarchical structure. The application integrates a TOTP authenticator to generate time-based and hash-based one-time passwords for multi-factor authentication. It utilizes a KeePass-compatible database engine to ensure data portability and supports keyfile-based authentication to increase decryption entropy. The project covers broader capabilities including automated credential
This project is an open-source identity provider and single sign-on platform that centralizes user authentication for multiple web applications and services. It functions as a multi-protocol authentication gateway, verifying user identities and issuing tokens through the CAS protocol as well as industry standards including SAML, OAuth2, and OpenID Connect. The system acts as a federated identity server, allowing authentication to be delegated to external third-party or corporate identity providers. It distinguishes itself through identity attribute governance, which manages which specific use
Octelium is a zero-trust network access platform and identity-aware proxy designed to secure private HTTP, SSH, and SQL resources. It functions as a secure gateway that validates human and workload identities using OIDC, SAML, and FIDO2 passkeys before granting access to internal applications and SaaS APIs. The system is distinguished by its secretless access broker, which injects credentials—such as API keys, passwords, and AWS SigV4 signatures—at the gateway level so users can access databases and cloud resources without managing secrets. It further specializes in AI gateway administration,