awesome-repositories.com
Blog
awesome-repositories.com

Descoperă cele mai bune repository-uri open source cu căutare AI.

ExploreazăCăutări recomandateAlternative open-sourceSoftware self-hostedBlogHartă site
ProiectDespreCum realizăm clasamentulPresăServer MCP
LegalConfidențialitateTermeni
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

48 repository-uri

Awesome GitHub RepositoriesCredential Security

Mechanisms for securing and proxying sensitive connection credentials.

Distinguishing note: Focuses on server-side proxying to prevent credential exposure.

Explore 48 awesome GitHub repositories matching security & cryptography · Credential Security. Refine with filters or upvote what's useful.

Awesome Credential Security GitHub Repositories

Găsește cele mai bune repo-uri cu AI.Vom căuta cele mai potrivite repository-uri folosind AI.
  • posthog/posthogAvatar PostHog

    PostHog/posthog

    35,060Vezi pe GitHub↗

    PostHog is a comprehensive product analytics and feature management platform designed to capture, process, and visualize user behavior data. It provides a unified suite for tracking application events, managing feature rollouts, and monitoring system health through session recordings and error tracking. By leveraging a columnar-storage-optimized architecture, the platform enables high-performance aggregation and filtering across massive event datasets. What distinguishes PostHog is its integrated approach to data pipelines and application control. It features a robust event ingestion system t

    Protects sensitive keys through automated scanning and revocation services for leaked credentials.

    Pythonab-testingai-analyticsanalytics
    Vezi pe GitHub↗35,060
  • qwibitai/nanoclawAvatar qwibitai

    qwibitai/nanoclaw

    29,956Vezi pe GitHub↗

    Nanoclaw is an LLM agent orchestrator and multi-platform chat gateway designed to deploy and manage isolated AI agents. It provides a containerized runtime that executes agents within sandboxed Linux containers, ensuring filesystem and state isolation through dedicated workspaces and host bind-mounts. The project distinguishes itself through a unified routing pipeline that connects agents to diverse messaging platforms, including WhatsApp, Discord, Slack, Telegram, Signal, and iMessage. It integrates the Model Context Protocol to extend agent capabilities via managed external data and functio

    Implements a proxy that injects credentials into containerized agents at runtime to prevent raw key storage.

    TypeScriptai-agentsai-assistantclaude-code
    Vezi pe GitHub↗29,956
  • prefecthq/prefectAvatar PrefectHQ

    PrefectHQ/prefect

    21,640Vezi pe GitHub↗

    Prefect is a workflow orchestration platform designed to define, schedule, and monitor complex data pipelines as Python code. It functions as a container-native engine that wraps individual tasks in isolated environments, ensuring consistent dependencies and resource allocation across diverse infrastructure. By utilizing a state-machine-based orchestration model, the system tracks execution progress through discrete transitions and persistent event logs to maintain reliable and observable task processing. The platform distinguishes itself through a decoupled worker-API architecture, which sep

    Embeds authentication tokens into repository URLs to enable secure programmatic access to private resources.

    Pythonautomationdatadata-engineering
    Vezi pe GitHub↗21,640
  • livekit/livekitAvatar livekit

    livekit/livekit

    19,358Vezi pe GitHub↗

    LiveKit is a comprehensive framework for building and orchestrating real-time, multimodal AI agents that interact with users through voice, video, and text. It provides a centralized, event-driven architecture to manage the entire lifecycle of automated participants, from initialization and session state management to graceful shutdown. By utilizing a selective forwarding unit, the platform efficiently routes media streams between participants and agents, ensuring low-latency communication and secure, token-based authentication for all connections. The platform distinguishes itself through it

    Encrypts and injects API keys and authentication tokens into agent containers at runtime to protect sensitive configuration data.

    Gogolangmedia-serversfu
    Vezi pe GitHub↗19,358
  • agent0ai/agent-zeroAvatar agent0ai

    agent0ai/agent-zero

    18,103Vezi pe GitHub↗

    Agent Zero is an autonomous AI agent framework designed to execute complex, multi-step workflows by managing its own environment, persistent memory, and external tool interactions. It functions as a Python-based automation library that enables agents to write code, execute terminal commands, and perform system-level tasks independently. The system is built to handle large-scale operations through hierarchical agent delegation, allowing for the coordination of subordinate agents to maintain focus and context. The platform distinguishes itself through a focus on secure, isolated execution and s

    Provides secure runtime injection of sensitive credentials into agent workflows to prevent exposure in logs.

    Pythonagentaiassistant
    Vezi pe GitHub↗18,103
  • dagger/daggerAvatar dagger

    dagger/dagger

    15,970Vezi pe GitHub↗

    Dagger is a programmable CI/CD engine and containerized task runner designed to orchestrate build and test pipelines. It functions as an incremental build system that manages containers, filesystems, and secrets through a typed API to ensure consistent execution across local and cloud environments. The engine utilizes a language-agnostic client-server API to allow multi-language pipeline orchestration, enabling the sharing of typed artifacts and state across different SDKs without manual serialization. It optimizes execution through content-addressable caching and a directed acyclic graph to

    Injects local authentication configurations into the toolchain to authenticate container registry pulls.

    Go
    Vezi pe GitHub↗15,970
  • systemd/systemdAvatar systemd

    systemd/systemd

    15,324Vezi pe GitHub↗

    systemd is a comprehensive system and service manager for Linux that orchestrates the entire operating system lifecycle. It functions as the primary init system, managing the transition from firmware to a fully initialized user space while providing a unified framework for service orchestration, hardware management, and resource control. The project distinguishes itself through its declarative, unit-based configuration model and dynamic dependency resolution, which allow for efficient, on-demand service activation and socket-based process management. It integrates deep system observability th

    Passes sensitive data or configuration parameters to services as immutable files accessible only to the service user.

    Ccinitlinux
    Vezi pe GitHub↗15,324
  • bitwarden/clientsAvatar bitwarden

    bitwarden/clients

    13,114Vezi pe GitHub↗

    This project is a comprehensive zero-knowledge security suite designed for enterprise credential management, secrets orchestration, and password management. It provides a secure, end-to-end encrypted vault that allows users to store, synchronize, and manage sensitive information, including passwords, passkeys, and infrastructure secrets, across desktop, mobile, and browser environments. The platform distinguishes itself through a strict zero-knowledge architecture where all encryption and decryption occur locally on the client, ensuring that plaintext data remains inaccessible to the server.

    Integrates secure storage into deployment pipelines to inject sensitive keys safely during build and release processes.

    TypeScriptangularbitwardenbrowser-extension
    Vezi pe GitHub↗13,114
  • dbt-labs/dbt-coreAvatar dbt-labs

    dbt-labs/dbt-core

    13,051Vezi pe GitHub↗

    dbt-core is a command-line framework for transforming data within a warehouse using modular SQL and version control. It functions as a data transformation engine that enables users to define data structures and business logic through declarative configuration files, which the system then compiles into executable code. By managing complex data dependencies through a directed acyclic graph, it ensures that transformation tasks execute in the correct order while maintaining a manifest-driven state to track lineage and execution history. The project distinguishes itself through an adapter-based d

    Loads authentication details from environment variables or local files to prevent credential exposure.

    Rustanalyticsbusiness-intelligencedata-modeling
    Vezi pe GitHub↗13,051
  • nearai/ironclawAvatar nearai

    nearai/ironclaw

    12,456Vezi pe GitHub↗

    Ironclaw is an LLM orchestration framework and AI agent gateway designed to connect large language models with external tools, messaging interfaces, and persistent memory systems. It functions as a communication layer that routes interactions between users and AI models via HTTP webhooks and various messaging channels. The system focuses on secure tool execution through a WebAssembly sandbox and isolated containers, which allows the framework to run untrusted code and dynamically generate new tools from natural language descriptions. Security middleware provides prompt injection defense and s

    Securely injects encrypted credentials into the execution context at the boundary to prevent leakage in logs.

    Rust
    Vezi pe GitHub↗12,456
  • alibaba/opensandboxAvatar alibaba

    alibaba/OpenSandbox

    11,682Vezi pe GitHub↗

    OpenSandbox is a secure sandbox runtime and containerized code execution engine designed to run AI-generated code and scripts in isolated environments. It serves as a workload orchestrator that prevents host system contamination by utilizing kernel-level isolation to execute arbitrary commands and scripts. The project distinguishes itself by providing a model context server that bridges large language models to the sandbox for performing file operations and system commands. It also includes a remote GUI sandbox that supports browser automation and desktop interfaces via remote access protocol

    Provides a mechanism for securely injecting secret keys into containerized environments at runtime.

    Python
    Vezi pe GitHub↗11,682
  • actions/starter-workflowsAvatar actions

    actions/starter-workflows

    11,694Vezi pe GitHub↗

    This project provides a comprehensive library of standardized workflow templates designed to automate continuous integration, deployment, and repository maintenance tasks. By offering a collection of pre-configured blueprints, it enables developers to initialize and manage automated pipelines for diverse programming languages and platforms using declarative configuration files. The repository functions as a centralized resource for bootstrapping automation, allowing teams to inject repository-specific metadata and dynamic variables into standardized templates. This approach ensures consistent

    Securely injects encrypted credentials into automation environments at runtime.

    TypeScriptactions
    Vezi pe GitHub↗11,694
  • opensandbox-group/opensandboxAvatar opensandbox-group

    opensandbox-group/OpenSandbox

    11,627Vezi pe GitHub↗

    OpenSandbox is a secure execution environment and runtime designed for running untrusted code and scripts generated by AI agents. It utilizes a containerized code execution engine and microVM-based isolation to protect host systems from malicious actions while providing isolated virtual environments. The project features a sandbox server based on the Model Context Protocol to automate the creation and control of virtual workspaces. It supports the deployment of secure remote desktop hosts, including headless web browsers and editor instances, for automated interaction. The system includes an

    Inserts sensitive secrets into outgoing requests via a secure proxy to keep credentials hidden from the workload.

    Pythonaiai-agentai-infra
    Vezi pe GitHub↗11,627
  • mobile-dev-inc/maestroAvatar mobile-dev-inc

    mobile-dev-inc/Maestro

    10,788Vezi pe GitHub↗

    Maestro is a declarative mobile and web UI automation framework designed for end-to-end testing. It operates by querying the native accessibility tree of an application, allowing for black-box testing without requiring source code instrumentation or platform-specific dependencies. The framework distinguishes itself through a unified command syntax that abstracts interactions across Android, iOS, and web environments. It features a dynamic synchronization engine that automatically pauses test execution to account for non-deterministic animations and network-dependent content loading, ensuring

    Passes secure credentials and parameters into automated test runs using command-line flags.

    Kotlinandroidblackbox-testingios
    Vezi pe GitHub↗10,788
  • snoopy1866/litiaotiao-custom-rulesAvatar Snoopy1866

    Snoopy1866/LiTiaotiao-Custom-Rules

    10,389Vezi pe GitHub↗

    This project provides a custom rule set and configuration profiles for content processing tools. It consists of declarative rules and JSON-based configurations that define how a target application identifies and handles specific types of data. The system enables dynamic tool configuration by injecting external logic at runtime, removing the need for core system recompilation. These configurations use schema-validated rule sets to ensure structural integrity and prevent errors during processing. The project implements pattern-based data identification using regular expressions and a priority-

    Loads external rule files during execution to modify system logic without requiring a full recompilation.

    Vezi pe GitHub↗10,389
  • langchain-ai/open-sweAvatar langchain-ai

    langchain-ai/open-swe

    9,988Vezi pe GitHub↗

    Open-SWE is an asynchronous software engineering agent and orchestrator designed to automate end-to-end coding tasks and pull request reviews. It functions as a middleware framework that coordinates long-running AI operations across multiple subagents, utilizing state persistence and human-in-the-loop oversight to manage complex workflows. The system is distinguished by its use of isolated remote Linux sandboxes for secure code execution and shell command processing. It features a webhook-driven integration platform that triggers automated engineering tasks via mentions and events in GitHub,

    Secures git operations by injecting authentication tokens into sandbox network traffic via a proxy.

    Python
    Vezi pe GitHub↗9,988
  • home-assistant/home-assistant.ioAvatar home-assistant

    home-assistant/home-assistant.io

    9,466Vezi pe GitHub↗

    Home Assistant is a local home automation platform and server that acts as an IoT device orchestrator. It integrates diverse smart home hardware by wrapping third-party APIs into a standardized logic layer and stores all system state and historical statistics on local hardware to eliminate cloud dependencies. The system functions as a Matter IoT controller and an MQTT home automation bridge, allowing for local interoperability between different manufacturers. It features a state-based entity model and an internal event bus that decouple physical device logic from system automation. The platf

    Home Assistant replaces passwords and API keys in configuration files with identifiers that map to a secure file.

    HTMLdocumentationhacktoberfesthass
    Vezi pe GitHub↗9,466
  • firebase/quickstart-androidAvatar firebase

    firebase/quickstart-android

    9,253Vezi pe GitHub↗

    This repository provides a collection of starter templates, reference projects, and implementation guides for integrating Firebase services into Android applications. It serves as a boilerplate for building mobile apps with built-in cloud backend integration. The project includes examples for connecting Android applications to large language models for generative AI features. It also provides sample code for managing user identity and authentication, as well as demonstrations for integrating cloud databases and serverless functions. The codebase covers a broad range of capabilities, includin

    Provides implementations for updating application behavior and UI parameters at runtime from a cloud service.

    Kotlinandroidfirebase
    Vezi pe GitHub↗9,253
  • orbstack/orbstackAvatar orbstack

    orbstack/orbstack

    8,903Vezi pe GitHub↗

    OrbStack is a native macOS application that replaces Docker Desktop, providing an all-in-one environment for running Docker containers, full Linux virtual machines, and local Kubernetes clusters. It runs Linux VMs directly on the macOS hypervisor framework for near-native performance, uses VirtioFS for fast bidirectional file sharing between macOS and Linux, and leverages Rosetta for near-native x86 emulation on Apple Silicon. The system assigns predictable local domain names to containers and VMs with automatic HTTPS certificate generation, forwards ports via event-driven updates, and stores

    Stores Docker registry login credentials securely in the macOS keychain.

    Shellcolimadockerdocker-desktop
    Vezi pe GitHub↗8,903
  • nvidia/openshellAvatar NVIDIA

    NVIDIA/OpenShell

    7,276Vezi pe GitHub↗

    OpenShell este un framework de securitate și un runtime de execuție sandbox pentru agenți AI autonomi. Oferă medii izolate folosind containere și mașini virtuale pentru a proteja infrastructura gazdă și datele sensibile de accesul neautorizat în timpul execuției agentului. Sistemul se distinge prin combinarea passthrough-ului accelerat hardware pentru accesul GPU al gazdei cu un gateway de securitate care interceptează apelurile API ale modelului. Acest gateway gestionează credențialele prin eliminarea informațiilor apelantului și injectarea secretelor backend, asigurându-se că cheile API sensibile rămân în afara sistemului de fișiere local. Platforma acoperă domenii largi de capabilități, inclusiv aplicarea declarativă a politicilor pentru restricții de sistem de fișiere și rețea, gestionarea credențialelor agentului și monitorizarea activității în timp real. Suportă furnizarea mediilor prin imagini de container personalizate, directoare locale sau cataloage comunitare.

    Injects sensitive secrets into containerized environments as runtime variables to keep keys off the local filesystem.

    Rust
    Vezi pe GitHub↗7,276
Înapoi123Înainte
  1. Home
  2. Security & Cryptography
  3. Credential Security

Explorează sub-etichetele

  • Credential IsolationSeparation of sensitive secrets from main configuration files using mapping identifiers. **Distinct from Credential Security:** Specifically about isolating credentials into a separate secure file, not just proxying them.
  • Keychain Managers1 sub-tagSoftware components that provide high-level APIs to create, read, update, and delete items in a system keychain. **Distinct from macOS Keychain Credential Stores:** Focuses on the management logic and API wrapper rather than the underlying credential store itself.
  • Proxy-Based Credential Injection1 sub-tagInjects authentication tokens into network traffic via a proxy to enable secure operations without storing secrets in the environment. **Distinct from Runtime Credential Injection:** Uses a network proxy to intercept and inject credentials, whereas runtime injection typically focuses on container environment variables.
  • Remote Credential FetchesFetches temporary security credentials from cloud services to authenticate requests. **Distinct from Credential Security:** Focuses on fetching STS credentials for cloud service authentication, rather than general proxying.
  • Runtime Credential Injection5 sub-tag-uriMechanisms for securely injecting encrypted credentials into containerized environments at runtime. **Distinct from Credential Security:** Distinct from Credential Security: focuses on the runtime injection process into containers rather than general proxying.
  • Runtime Credential SubstitutionDynamic replacement of connection string placeholders with user-specific attributes at runtime. **Distinct from Runtime Credential Injection:** Distinct from Runtime Credential Injection [f5_mt1] which focuses on container environment variables, and Database Value Substitutions [f5_mt2] which focus on masking data.
  • URL Fragment CredentialingPassing sensitive credentials via the URL fragment to prevent them from appearing in server logs. **Distinct from Credential Security:** Distinct from general Credential Security: specifically targets the avoidance of server-side logging of credentials in HTTP requests.
  • macOS Keychain Credential StoresStoring sensitive credentials using the native macOS keychain for secure authentication. **Distinct from Credential Security:** Distinct from Credential Security: focuses on macOS keychain integration for credential storage, not general credential proxying or encryption.