37 repository-uri
Mechanisms for securing application data at rest on local storage using encryption.
Distinct from Data Encryption: Distinct from Data Encryption: focuses on local disk persistence specifically rather than general data-at-rest security.
Explore 37 awesome GitHub repositories matching security & cryptography · Encrypted Persistence. Refine with filters or upvote what's useful.
RocksDB is a high-performance, embeddable persistent key-value library and storage engine based on Log-Structured Merge-trees. It is designed to provide durable storage for large-scale datasets, integrating directly into applications to manage data on flash and RAM-based hardware. The engine is distinguished by its focus on minimizing read and write amplification through multi-threaded compaction and custom memory allocators. It features specialized optimizations for flash storage, including support for zoned block devices, and provides the ability to extend store behavior via external plugin
Secures data at rest on local storage using external cryptographic libraries for encryption.
Deepagents is an LLM agent orchestration platform and stateful application server designed for deploying and managing AI agents built with computational graphs. It provides a containerized runtime environment that handles agent execution, state persistence, and the versioning of AI assistants. The platform distinguishes itself through deep integration with the Model Context Protocol, allowing agents to function as servers that expose tools and capabilities to external clients. It features a sophisticated observability suite for capturing execution traces, performing LLM-based evaluations agai
Protects sensitive application state and checkpoints using AES encryption at rest.
MMKV is a high-performance, cross-platform key-value storage framework designed for mobile platforms and POSIX environments, including Android, iOS, macOS, and Windows. It provides a persistence layer that utilizes memory-mapped files and binary serialization to achieve low-latency data access. The project distinguishes itself through native support for multi-process synchronization, allowing concurrent read and write operations across different application processes. It also implements security via AES encryption for data at rest, featuring symmetric encryption and key rotation to protect st
Provides encrypted local storage persistence using AES encryption to secure application data at rest.
LibSQL is a high-performance, distributed SQL database engine that extends SQLite to support remote network access, edge computing, and real-time synchronization. It functions as an embedded database library that integrates directly into application processes while providing the infrastructure to maintain consistency across multiple geographic regions. The platform distinguishes itself by enabling database interaction over standard HTTP protocols, allowing applications to query remote data sources in serverless and edge environments without requiring local filesystem access. It includes nativ
Secures local database files at rest using user-provided encryption keys.
This is a mobile object database and NoSQL local data store that replaces relational tables with a schema-based model. It functions as a reactive data store, using live object observations and change notifications to trigger automatic user interface refreshes. The system provides built-in mobile cloud data synchronization to keep local datasets consistent with a remote server across multiple devices. It also includes security features for encrypted local storage, protecting sensitive on-disk data using at-rest encryption keys and fine-grained access control. Broad capabilities include object
Provides at-rest encryption for local storage to protect sensitive on-device information.
Realm-Cocoa is a NoSQL mobile database engine and reactive object database designed for local data storage on mobile devices. It serves as a non-relational alternative to Core Data and SQLite, storing data as objects rather than tables. The system functions as an encrypted local store that protects sensitive application data using encryption. It provides reactive data synchronization, allowing application objects and user interfaces to update automatically when the underlying database changes.
Secures application data at rest on local mobile storage using symmetric encryption.
Signal-Desktop is a cross-platform messaging application that provides end-to-end encrypted communication. It implements the Signal Protocol to secure messages and voice calls, ensuring that only intended recipients can access content. The application manages asynchronous key exchange and session initialization to maintain secure communication channels between parties who are not online simultaneously. The project distinguishes itself through advanced cryptographic protections, including hybrid post-quantum security that combines classical elliptic curve cryptography with lattice-based algori
Secures message archives and user state on the local disk using strong encryption.
Badger is an embeddable key-value store written in Go that provides persistent data storage for byte keys and values. It is a persistent database that utilizes a tiered LSM tree storage model to optimize disk storage and retrieval efficiency. The system features an ACID transaction engine that ensures data integrity through serializable snapshot isolation and multi-version concurrency control. It also provides an encrypted key-value store with data-at-rest encryption and a managed encrypted key registry to secure stored information. The engine covers a broad set of capabilities including hig
Secures stored information on disk using provided encryption keys with support for key rotation.
Memvid is an embedded memory framework designed to provide persistent, versioned context for intelligent agents. It functions as a local vector database library that stores all data within a single binary file, removing the need for external database infrastructure or network dependencies. The system distinguishes itself by integrating in-process vector indexing with append-only versioning, allowing for high-speed semantic similarity searches alongside the ability to track and roll back state changes over time. It includes built-in transparent data encryption and masking to secure sensitive i
Secures agent information through built-in encryption within a portable binary file.
NeDB is a JavaScript embedded NoSQL document store designed for Node.js and the browser. It functions as an in-memory data store with the option to persist documents to a local file system, ensuring data survives application restarts. The project utilizes a MongoDB-compatible API to perform data operations, allowing it to serve as a lightweight document indexing system and a persistent file database without requiring a separate database server. Capabilities include querying, inserting, updating, and deleting documents, as well as the ability to create indexes on specific fields to accelerate
Implements custom hooks to encrypt data during serialization before it is persisted to local storage.
This project is a self-hosted meeting transcription and summarization tool that converts audio recordings into text transcripts and structured notes using large language models. It functions as an enterprise meeting documentation manager, allowing for the organization and editing of timestamped records. The system prioritizes data privacy through local-first processing and the ability to deploy on private infrastructure. It supports a provider-agnostic architecture, enabling users to connect to local AI engines, self-hosted servers, or cloud-based API endpoints for both transcription and summ
Protects sensitive meeting data using encryption at rest on local storage to prevent unauthorized access.
Ironclaw is an LLM orchestration framework and AI agent gateway designed to connect large language models with external tools, messaging interfaces, and persistent memory systems. It functions as a communication layer that routes interactions between users and AI models via HTTP webhooks and various messaging channels. The system focuses on secure tool execution through a WebAssembly sandbox and isolated containers, which allows the framework to run untrusted code and dynamically generate new tools from natural language descriptions. Security middleware provides prompt injection defense and s
Stores user data and audit trails in a local database using strong encryption to ensure privacy.
Signal-iOS is an encrypted messaging client that provides secure communication for voice calls, media, and text. It functions as a complete implementation of the Signal Protocol, utilizing end-to-end encryption to ensure that only intended recipients can access transmitted data. The application distinguishes itself through the integration of advanced cryptographic standards, including the use of elliptic curve cryptography for identity verification and digital signature validation. It employs a double ratchet key exchange mechanism to rotate encryption keys for every individual message, ensur
Secures all stored message history and metadata on the device using high-performance symmetric encryption keys managed by the operating system.
Realm Java is a NoSQL mobile object database and reactive database engine. It provides a persistent local data store that saves native objects directly to disk, replacing traditional SQL storage and object-relational mapping layers. The system functions as a real-time data synchronizer, coordinating local database changes with a cloud backend across multiple devices. It integrates a reactive engine that uses change listeners and asynchronous event streams to automatically update user interfaces when underlying data changes. The project covers object-oriented data modeling, CRUD operations, a
Secures application data at rest on local device storage using robust encryption to prevent unauthorized access.
Talos is a minimal, immutable Linux distribution designed specifically for deploying and managing Kubernetes clusters. It functions as an API-driven infrastructure manager that replaces traditional shell access with a declarative gRPC interface to control operating system state and configuration. The system is distinguished by its use of a read-only root filesystem and a security-hardened kernel, which removes standard GNU utilities to reduce the attack surface. It ensures environment consistency by distributing the operating system as versioned, signed images and utilizes TPM-backed verified
Protects data on local disks through TPM-backed encryption and verified boot paths.
all-in-one is a containerized deployment system designed to install and manage a complete suite of productivity and collaboration services. It functions as a cloud suite deployer that orchestrates the installation of a self-hosted content platform, incorporating necessary dependencies via Docker or Kubernetes. The project distinguishes itself by providing a web-based dashboard for orchestrating, updating, and monitoring the lifecycle of service containers. It also serves as a local AI inference server, enabling the execution of generative text models, image diffusion, and speech processing on
Secures files at the storage level using master and user-specific encryption keys.
LanceDB is a vector database and columnar data store designed to function as a versioned dataset manager and vector search engine. It serves as a high-performance backend for indexing and retrieving high-dimensional embeddings, providing the foundation for machine learning data pipelines. The system distinguishes itself through a combination of cloud-native object storage and immutable version tracking, allowing for data time-travel and reproducible AI experiments. It integrates hybrid search capabilities, merging dense vector similarity with BM25 full-text search and SQL-like scalar filters
Protects stored information in the object store and cache using encryption at rest.
OrbitDB is a decentralized data storage system that enables the creation of serverless databases residing across a network of peers. It functions as a peer-to-peer database that integrates with a content-addressed storage layer to distribute and replicate data without a central server. The system utilizes conflict-free replicated data types to ensure eventual consistency and state convergence across distributed nodes. It maintains an immutable record of updates using a directed acyclic graph to preserve causal ordering and cryptographic integrity. Access is managed through a decentralized ide
Provides pluggable encryption modules to secure stored payload data and replication logs against unauthorized access.
The mongo-go-driver is a Go library for building applications that integrate with a MongoDB document store. It enables the storage and retrieval of flexible document data by providing a bridge between Go backends and the database. The driver implements specialized capabilities for semantic vector search, allowing the handling and execution of high-dimensional vector data for similarity-based retrieval. It also supports full-text search via linguistic analysis and programmatic search index management. The project covers a broad range of database operations, including document-based CRUD, bulk
Implements queryable encryption and key management to protect sensitive data at rest.
This project is a cross-platform messaging SDK and client development library used to build custom Telegram applications. It functions as a comprehensive framework that manages network encryption, local data storage, and API communication, providing a C-compatible JSON interface that allows integration with any programming language. The library distinguishes itself by providing a full database manager for encrypted local caching and synchronized state, alongside a dedicated bot framework for creating interactive bots with business account integration. It enables the implementation of speciali
Secures all application data at rest on local storage using a user-provided encryption key.