48 repository-uri
Mechanisms for securing and proxying sensitive connection credentials.
Distinguishing note: Focuses on server-side proxying to prevent credential exposure.
Explore 48 awesome GitHub repositories matching security & cryptography · Credential Security. Refine with filters or upvote what's useful.
PostHog is a comprehensive product analytics and feature management platform designed to capture, process, and visualize user behavior data. It provides a unified suite for tracking application events, managing feature rollouts, and monitoring system health through session recordings and error tracking. By leveraging a columnar-storage-optimized architecture, the platform enables high-performance aggregation and filtering across massive event datasets. What distinguishes PostHog is its integrated approach to data pipelines and application control. It features a robust event ingestion system t
Protects sensitive keys through automated scanning and revocation services for leaked credentials.
Nanoclaw is an LLM agent orchestrator and multi-platform chat gateway designed to deploy and manage isolated AI agents. It provides a containerized runtime that executes agents within sandboxed Linux containers, ensuring filesystem and state isolation through dedicated workspaces and host bind-mounts. The project distinguishes itself through a unified routing pipeline that connects agents to diverse messaging platforms, including WhatsApp, Discord, Slack, Telegram, Signal, and iMessage. It integrates the Model Context Protocol to extend agent capabilities via managed external data and functio
Implements a proxy that injects credentials into containerized agents at runtime to prevent raw key storage.
Prefect is a workflow orchestration platform designed to define, schedule, and monitor complex data pipelines as Python code. It functions as a container-native engine that wraps individual tasks in isolated environments, ensuring consistent dependencies and resource allocation across diverse infrastructure. By utilizing a state-machine-based orchestration model, the system tracks execution progress through discrete transitions and persistent event logs to maintain reliable and observable task processing. The platform distinguishes itself through a decoupled worker-API architecture, which sep
Embeds authentication tokens into repository URLs to enable secure programmatic access to private resources.
LiveKit is a comprehensive framework for building and orchestrating real-time, multimodal AI agents that interact with users through voice, video, and text. It provides a centralized, event-driven architecture to manage the entire lifecycle of automated participants, from initialization and session state management to graceful shutdown. By utilizing a selective forwarding unit, the platform efficiently routes media streams between participants and agents, ensuring low-latency communication and secure, token-based authentication for all connections. The platform distinguishes itself through it
Encrypts and injects API keys and authentication tokens into agent containers at runtime to protect sensitive configuration data.
Agent Zero is an autonomous AI agent framework designed to execute complex, multi-step workflows by managing its own environment, persistent memory, and external tool interactions. It functions as a Python-based automation library that enables agents to write code, execute terminal commands, and perform system-level tasks independently. The system is built to handle large-scale operations through hierarchical agent delegation, allowing for the coordination of subordinate agents to maintain focus and context. The platform distinguishes itself through a focus on secure, isolated execution and s
Provides secure runtime injection of sensitive credentials into agent workflows to prevent exposure in logs.
Dagger is a programmable CI/CD engine and containerized task runner designed to orchestrate build and test pipelines. It functions as an incremental build system that manages containers, filesystems, and secrets through a typed API to ensure consistent execution across local and cloud environments. The engine utilizes a language-agnostic client-server API to allow multi-language pipeline orchestration, enabling the sharing of typed artifacts and state across different SDKs without manual serialization. It optimizes execution through content-addressable caching and a directed acyclic graph to
Injects local authentication configurations into the toolchain to authenticate container registry pulls.
systemd is a comprehensive system and service manager for Linux that orchestrates the entire operating system lifecycle. It functions as the primary init system, managing the transition from firmware to a fully initialized user space while providing a unified framework for service orchestration, hardware management, and resource control. The project distinguishes itself through its declarative, unit-based configuration model and dynamic dependency resolution, which allow for efficient, on-demand service activation and socket-based process management. It integrates deep system observability th
Passes sensitive data or configuration parameters to services as immutable files accessible only to the service user.
This project is a comprehensive zero-knowledge security suite designed for enterprise credential management, secrets orchestration, and password management. It provides a secure, end-to-end encrypted vault that allows users to store, synchronize, and manage sensitive information, including passwords, passkeys, and infrastructure secrets, across desktop, mobile, and browser environments. The platform distinguishes itself through a strict zero-knowledge architecture where all encryption and decryption occur locally on the client, ensuring that plaintext data remains inaccessible to the server.
Integrates secure storage into deployment pipelines to inject sensitive keys safely during build and release processes.
dbt-core is a command-line framework for transforming data within a warehouse using modular SQL and version control. It functions as a data transformation engine that enables users to define data structures and business logic through declarative configuration files, which the system then compiles into executable code. By managing complex data dependencies through a directed acyclic graph, it ensures that transformation tasks execute in the correct order while maintaining a manifest-driven state to track lineage and execution history. The project distinguishes itself through an adapter-based d
Loads authentication details from environment variables or local files to prevent credential exposure.
Ironclaw is an LLM orchestration framework and AI agent gateway designed to connect large language models with external tools, messaging interfaces, and persistent memory systems. It functions as a communication layer that routes interactions between users and AI models via HTTP webhooks and various messaging channels. The system focuses on secure tool execution through a WebAssembly sandbox and isolated containers, which allows the framework to run untrusted code and dynamically generate new tools from natural language descriptions. Security middleware provides prompt injection defense and s
Securely injects encrypted credentials into the execution context at the boundary to prevent leakage in logs.
OpenSandbox is a secure sandbox runtime and containerized code execution engine designed to run AI-generated code and scripts in isolated environments. It serves as a workload orchestrator that prevents host system contamination by utilizing kernel-level isolation to execute arbitrary commands and scripts. The project distinguishes itself by providing a model context server that bridges large language models to the sandbox for performing file operations and system commands. It also includes a remote GUI sandbox that supports browser automation and desktop interfaces via remote access protocol
Provides a mechanism for securely injecting secret keys into containerized environments at runtime.
This project provides a comprehensive library of standardized workflow templates designed to automate continuous integration, deployment, and repository maintenance tasks. By offering a collection of pre-configured blueprints, it enables developers to initialize and manage automated pipelines for diverse programming languages and platforms using declarative configuration files. The repository functions as a centralized resource for bootstrapping automation, allowing teams to inject repository-specific metadata and dynamic variables into standardized templates. This approach ensures consistent
Securely injects encrypted credentials into automation environments at runtime.
OpenSandbox is a secure execution environment and runtime designed for running untrusted code and scripts generated by AI agents. It utilizes a containerized code execution engine and microVM-based isolation to protect host systems from malicious actions while providing isolated virtual environments. The project features a sandbox server based on the Model Context Protocol to automate the creation and control of virtual workspaces. It supports the deployment of secure remote desktop hosts, including headless web browsers and editor instances, for automated interaction. The system includes an
Inserts sensitive secrets into outgoing requests via a secure proxy to keep credentials hidden from the workload.
Maestro is a declarative mobile and web UI automation framework designed for end-to-end testing. It operates by querying the native accessibility tree of an application, allowing for black-box testing without requiring source code instrumentation or platform-specific dependencies. The framework distinguishes itself through a unified command syntax that abstracts interactions across Android, iOS, and web environments. It features a dynamic synchronization engine that automatically pauses test execution to account for non-deterministic animations and network-dependent content loading, ensuring
Passes secure credentials and parameters into automated test runs using command-line flags.
This project provides a custom rule set and configuration profiles for content processing tools. It consists of declarative rules and JSON-based configurations that define how a target application identifies and handles specific types of data. The system enables dynamic tool configuration by injecting external logic at runtime, removing the need for core system recompilation. These configurations use schema-validated rule sets to ensure structural integrity and prevent errors during processing. The project implements pattern-based data identification using regular expressions and a priority-
Loads external rule files during execution to modify system logic without requiring a full recompilation.
Open-SWE is an asynchronous software engineering agent and orchestrator designed to automate end-to-end coding tasks and pull request reviews. It functions as a middleware framework that coordinates long-running AI operations across multiple subagents, utilizing state persistence and human-in-the-loop oversight to manage complex workflows. The system is distinguished by its use of isolated remote Linux sandboxes for secure code execution and shell command processing. It features a webhook-driven integration platform that triggers automated engineering tasks via mentions and events in GitHub,
Secures git operations by injecting authentication tokens into sandbox network traffic via a proxy.
Home Assistant is a local home automation platform and server that acts as an IoT device orchestrator. It integrates diverse smart home hardware by wrapping third-party APIs into a standardized logic layer and stores all system state and historical statistics on local hardware to eliminate cloud dependencies. The system functions as a Matter IoT controller and an MQTT home automation bridge, allowing for local interoperability between different manufacturers. It features a state-based entity model and an internal event bus that decouple physical device logic from system automation. The platf
Home Assistant replaces passwords and API keys in configuration files with identifiers that map to a secure file.
This repository provides a collection of starter templates, reference projects, and implementation guides for integrating Firebase services into Android applications. It serves as a boilerplate for building mobile apps with built-in cloud backend integration. The project includes examples for connecting Android applications to large language models for generative AI features. It also provides sample code for managing user identity and authentication, as well as demonstrations for integrating cloud databases and serverless functions. The codebase covers a broad range of capabilities, includin
Provides implementations for updating application behavior and UI parameters at runtime from a cloud service.
OrbStack is a native macOS application that replaces Docker Desktop, providing an all-in-one environment for running Docker containers, full Linux virtual machines, and local Kubernetes clusters. It runs Linux VMs directly on the macOS hypervisor framework for near-native performance, uses VirtioFS for fast bidirectional file sharing between macOS and Linux, and leverages Rosetta for near-native x86 emulation on Apple Silicon. The system assigns predictable local domain names to containers and VMs with automatic HTTPS certificate generation, forwards ports via event-driven updates, and stores
Stores Docker registry login credentials securely in the macOS keychain.
OpenShell este un framework de securitate și un runtime de execuție sandbox pentru agenți AI autonomi. Oferă medii izolate folosind containere și mașini virtuale pentru a proteja infrastructura gazdă și datele sensibile de accesul neautorizat în timpul execuției agentului. Sistemul se distinge prin combinarea passthrough-ului accelerat hardware pentru accesul GPU al gazdei cu un gateway de securitate care interceptează apelurile API ale modelului. Acest gateway gestionează credențialele prin eliminarea informațiilor apelantului și injectarea secretelor backend, asigurându-se că cheile API sensibile rămân în afara sistemului de fișiere local. Platforma acoperă domenii largi de capabilități, inclusiv aplicarea declarativă a politicilor pentru restricții de sistem de fișiere și rețea, gestionarea credențialelor agentului și monitorizarea activității în timp real. Suportă furnizarea mediilor prin imagini de container personalizate, directoare locale sau cataloage comunitare.
Injects sensitive secrets into containerized environments as runtime variables to keep keys off the local filesystem.