30 open-source projects similar to veracrypt/veracrypt, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best VeraCrypt alternative.
This project is a cross-platform credential management suite designed to store sensitive information in encrypted local databases. It functions as a secure desktop application that provides a unified environment for organizing secrets, generating passwords, and managing multi-factor authentication tokens. By utilizing industry-standard file formats, the application ensures that stored credentials remain secure and interoperable across different operating systems. The software distinguishes itself through deep integration with hardware-backed security and system-level services. It supports phy
Cryptomator is a client-side cloud encryption tool and cross-platform vault manager. It provides a transparent encryption layer that encrypts files and folder structures locally before they are uploaded to a cloud storage provider. The software creates virtual encrypted drives that mount encrypted vaults, allowing users to interact with their data as if it were on a physical disk. It supports the management of multiple independent encrypted containers, each protected by a unique password. The project covers data privacy through directory structure obfuscation and filename encryption to hide
This project is an Android password manager application that provides an end-to-end encrypted vault for storing and synchronizing login credentials, secure notes, and identities. It functions as a secure storage system using zero-knowledge encryption to ensure that only the user can decrypt their stored data. The application integrates directly with the Android system to provide an autofill service that populates usernames and passwords into mobile apps and browser login fields. It also serves as a passkey management wallet for FIDO2 cryptographic passkeys and a time-based one-time password a
OmniRoute is a unified LLM API gateway that connects multiple AI providers to a single endpoint. Its primary purpose is to simplify the integration of various AI models into tools and agents by translating different provider formats into a standardized API. The project distinguishes itself through a multi-strategy request routing system that optimizes for cost, speed, and availability, including automatic model fallbacks and a circuit-breaker resilience model to isolate provider failures. It employs a local-first security posture, using AES-256-GCM encryption to store API keys and conversatio
MacPass is a native macOS password manager and encrypted database client designed to manage credentials using the KeePass standard. It serves as a secure credential vault for storing usernames and passwords within a hierarchical structure. The application integrates a TOTP authenticator to generate time-based and hash-based one-time passwords for multi-factor authentication. It utilizes a KeePass-compatible database engine to ensure data portability and supports keyfile-based authentication to increase decryption entropy. The project covers broader capabilities including automated credential
SEAL is a homomorphic encryption library and C++ cryptography framework that enables mathematical operations on encrypted data without requiring decryption. It provides a toolset for performing additions and multiplications on encrypted integers and complex numbers to support privacy-preserving computation. The framework implements the BFV and CKKS schemes, allowing for both modular arithmetic on encrypted integers and approximate arithmetic on fixed-precision floating-point numbers. It includes specialized wrappers to integrate these cryptographic workflows into .NET environments and support
Octelium is a zero-trust network access platform and identity-aware proxy designed to secure private HTTP, SSH, and SQL resources. It functions as a secure gateway that validates human and workload identities using OIDC, SAML, and FIDO2 passkeys before granting access to internal applications and SaaS APIs. The system is distinguished by its secretless access broker, which injects credentials—such as API keys, passwords, and AWS Sigv4 signatures—at the gateway level so users can access databases and cloud resources without managing secrets. It further specializes in AI gateway administration,
KeeWeb is a web-based password manager and vault that allows users to open and edit encrypted databases through a browser interface. It functions as a cross-platform tool for managing password vaults using the KeePass database format. The application provides a self-hosted password vault that can be deployed as a single HTML file or via Docker. It integrates with remote storage providers using OAuth to synchronize encrypted database files across multiple devices. The system includes capabilities for secure credential generation, two-factor authentication management through time-based one-tim
itpol is a framework for cryptographic key management, digital signature policies, and security hardening. It provides an IT policy template library and infrastructure access frameworks to establish organizational security guidelines and governance. The project focuses on cryptographic identity management through the use of PGP and SSH keys, alongside a security hardening guide for workstations. It defines standards for software supply chain security, specifically regarding the signing of code commits and software releases to ensure provenance. The system covers a broad range of security cap
all-in-one is a containerized deployment system designed to install and manage a complete suite of productivity and collaboration services. It functions as a cloud suite deployer that orchestrates the installation of a self-hosted content platform, incorporating necessary dependencies via Docker or Kubernetes. The project distinguishes itself by providing a web-based dashboard for orchestrating, updating, and monitoring the lifecycle of service containers. It also serves as a local AI inference server, enabling the execution of generative text models, image diffusion, and speech processing on
This project is an open-source software development kit and framework for implementing the Matter smart home standard. It provides a universal IPv6-based application layer and a cluster-based data model to ensure interoperability between diverse smart home devices and controllers. The system is distinguished by its multi-transport network abstraction, which maps Bluetooth LE, Thread, and Wi-Fi implementations to a common layer. It includes specialized tooling for secure device commissioning via QR codes and NFC, as well as a comprehensive over-the-air firmware update system for distributing s
This project is a collection of reference implementations, sample code, and starter kits for integrating Firebase backend services into web applications using the JavaScript SDK. It serves as a practical guide for bootstrapping projects with cloud-hosted authentication, databases, and serverless logic. The repository provides specific examples for implementing real-time data synchronization, user identity management, and event-driven cloud functions. It also includes reference code for using local service emulators to test cloud functionality on a local machine before production deployment.
This is an open-source educational website that translates and localizes MIT's Missing Semester course, teaching practical computing skills for computer science students. The curriculum covers developer tooling, shell scripting, version control, security fundamentals, and open-source collaboration, with a focus on core computing skills including data processing pipelines, workflow automation, secure remote access, shell productivity, Vim editing, and Git version control. The project distinguishes itself by teaching command-line mastery, shell scripting, and automation to boost daily developer
gocryptfs is a FUSE-based encrypted filesystem that transparently encrypts and decrypts file contents and filenames on disk. It uses block-level authenticated encryption with AES-GCM or AES-SIV-512, binding each block to its file header and offset for integrity, while obfuscating filenames with EME or AES-SIV wide-block ciphers using per-directory initialization vectors. The system derives all encryption keys and initialization vectors deterministically from a master key using HKDF and SHA256, enabling reproducible ciphertext for reliable backup and synchronization workflows. The project dist
release-it is a Git release automation tool designed to coordinate software versioning, changelog generation, and package publishing. It functions as a semantic versioning manager that increments project versions and updates configuration files based on semantic standards or custom schemes. The project distinguishes itself through a plugin-based extension system that allows for custom versioning and publishing logic. It supports complex project structures via monorepo versioning automation to synchronize internal dependencies across multiple workspaces. The tool covers a broad range of capab
This project is a comprehensive, community-maintained knowledge base and toolkit designed for competitive programming. It serves as a centralized repository for algorithmic theory, data structures, and mathematical techniques, providing a structured reference for informatics and collegiate programming competitions. The project distinguishes itself by integrating educational content with a robust suite of automation utilities. It provides a complete workflow for competitive programming, including tools for automated test case generation, solution verification, and direct interaction with onlin
This project is a comprehensive hardware security guide for using YubiKey tokens to manage encryption, digital signatures, and secure authentication. It provides technical instructions for configuring hardware security modules to handle digital identity and cryptographic materials. The documentation focuses on the implementation of OpenPGP and SSH workflows, specifically covering the creation of master key hierarchies, the rotation of subkeys, and the use of hardware-backed keys for secure shell connections. It also details methods for verifying code authorship through signed Git commits and
CloverBootloader is a UEFI-compliant boot loader designed to initialize hardware and launch multiple operating systems across various platforms. Its primary purpose is to enable the booting of operating systems on unsupported hardware through system identity spoofing and hardware emulation. The project specializes in hardware compatibility patching by modifying ACPI tables, faking hardware IDs, and patching binary kernels or extensions in memory during the boot process. It provides capabilities to inject kernel extensions and spoof system parameters, such as product names and serial numbers,
This project is a security hardening guide and privacy configuration manual for macOS. It provides a comprehensive set of instructions for configuring system settings to improve privacy, reduce the attack surface, and implement a malware defense framework. The guide covers technical methods for validating software notarization, verifying application sandboxing, and auditing system activity. It distinguishes itself by providing detailed workflows for restricting high-risk features and applying advanced security configurations to protect the operating system. The documentation covers several k
This project is a comprehensive security hardening and privacy management guide for macOS. It provides a set of instructions and checklists for reducing the system attack surface through manual configuration, policy enforcement, and a layered defense strategy. The guide emphasizes a system auditing framework, using binary analysis, system logs, and packet inspection to verify that security controls and application sandboxing are functioning as intended. It offers tool-agnostic recommendations, defining security goals while allowing users to select their own third-party software for implementa
Disko is a declarative configuration system for managing Linux disk partitioning, filesystem formatting, and LUKS encryption setup. It functions as a disk provisioner that allows users to define disk layouts and mount points through configuration files rather than manual commands. The project focuses on providing reproducible system installations by defining storage provisioning as code. It specifically automates the creation of partition tables, the setup of encrypted storage containers, and the configuration of filesystem layouts for NixOS systems. The toolset includes a command-line inter
BLAKE3 is a high-performance implementation of the BLAKE3 cryptographic hash algorithm used for calculating secure data digests and fingerprints. It functions as a parallel cryptographic hash tool that distributes workloads across multiple processor threads to process large datasets rapidly. The project provides specialized tools for keyed hashing and the generation of message authentication codes. It also includes functionality for cryptographic key derivation, allowing the creation of unique secret sub-keys from a master key and context strings. The implementation supports data integrity v
CryptoSwift is a cryptography library implemented entirely in the Swift programming language. It provides a collection of standard cryptographic algorithms for encryption, decryption, and hashing without relying on native C libraries or system frameworks. The library supports symmetric and asymmetric encryption, including RSA key generation and signature management. It features authenticated encryption schemes and the ability to generate cryptographic digests for data integrity verification. The toolset covers message authentication codes, secure key derivation from passwords, and data paddi
This project is a mobile Bitcoin wallet and standalone node for Android devices. It enables the management of private keys and the processing of cryptocurrency transactions directly on the device without relying on a centralized backend server. The application distinguishes itself by supporting decentralized node operations, allowing users to maintain a direct connection to the blockchain network. It also integrates near-field communication to read payment requests from passive tags, automating the population of transaction details. The wallet includes capabilities for portfolio tracking wit
pysheeet is a technical reference library providing a curated collection of code snippets and implementation patterns for advanced Python development, system integration, and high-performance computing. It serves as a comprehensive guide for implementing low-level network programming, native C extensions, and asynchronous and concurrent programming. The project provides specialized frameworks for the development and deployment of large language models, including tools for distributed GPU inference and high-performance serving. It also includes detailed patterns for high-performance computing
This project is an Ethereum wallet browser extension that serves as a blockchain identity manager and a bridge between decentralized applications and the Ethereum blockchain. It functions as a multi-network blockchain wallet, allowing users to manage digital keys and interact with various Ethereum-compatible network ecosystems. The software provides a provider interface for signing transactions and reading chain data. It enables users to switch between different blockchain networks and maintain secure identities to authenticate on decentralized networks. The system covers the management of w
crypto-js is a JavaScript cryptography library providing a collection of standard cryptographic algorithms and data transformation tools. It functions as a symmetric encryption toolset, a cryptographic hash implementation, and a password derivation tool for the JavaScript environment. The library enables the protection of sensitive data through symmetric encryption and the production of fixed-size data digests to verify integrity. It includes utilities for converting user passwords into secure cryptographic keys and a data format converter for translating information between Base64, Hex, and
dotenvx is a cross-platform command-line tool that encrypts .env files using public-key cryptography and decrypts them at runtime, injecting the plaintext secrets into a process environment before execution. It treats encrypted environment files as self-contained vaults that are loaded and decrypted entirely in memory each time a command runs. What sets dotenvx apart is its ability to armor the private decryption key itself with a passphrase, allowing that key to be stored remotely and retrieved only when decryption is needed. A single encrypted vault file can be bound to multiple per-envir
KeePassX is a cross-platform password vault application and database manager that stores usernames and passwords in an encrypted file. It utilizes the KeePass database format to secure records using a master password or an optional key file. The application includes an automatic form filler that populates login fields in external applications and a secure password generator for creating high-entropy randomized passwords. The system provides tools for organizing credentials through custom metadata and grouping, alongside utilities for searching records and importing or exporting data.