22 个仓库
Systems that provide secure, audited connectivity to database endpoints through proxy gateways.
Distinct from Database Connectivity: Distinct from general connectivity [f12_mt2]; focuses on the secure, proxied access for administration.
Explore 22 awesome GitHub repositories matching security & cryptography · Secure Database Access. Refine with filters or upvote what's useful.
JumpServer is a privileged access management platform designed to manage and audit secure access to SSH, RDP, Kubernetes, and database endpoints. It functions as a centralized gateway that brokers remote terminal and graphical sessions to isolate users from critical infrastructure. The system utilizes a web-based protocol gateway to translate remote connections into browser-compatible streams and a protocol-based proxy layer to isolate end-user devices from target assets. It incorporates security watermarking to deter unauthorized screen captures and provides a Kubernetes access gateway for c
Establishes secure sessions to database endpoints using a web-based interface and proxy connectors.
pgweb is a web-based database client and graphical administration tool for PostgreSQL. It provides a browser-based interface for executing SQL queries, inspecting schemas, and managing database objects. The tool includes a read-only mode that prevents destructive operations by blocking specific SQL keywords. It supports secure remote access to private instances through native SSH tunneling and encrypted database connections. The application covers a broad range of management capabilities, including multi-environment session management, database structure inspection, and the export of query r
Enables secure, audited connectivity to private PostgreSQL instances via encrypted tunnels and SSL.
PyMySQL is a MySQL database connector and SQL database driver for Python environments. It serves as a client library that enables Python applications to establish network connections and interact with MySQL database servers. The library is a pure Python implementation of the MySQL client-server wire protocol. This design allows for MySQL integration and data management without requiring native C extensions. The project provides capabilities for database connectivity, query execution, and secure access control. It follows the DB-API 2.0 specification to provide a consistent interface for mana
Ensures secure database access by authenticating users through a variety of secure password plugins.
MacPass is a native macOS password manager and encrypted database client designed to manage credentials using the KeePass standard. It serves as a secure credential vault for storing usernames and passwords within a hierarchical structure. The application integrates a TOTP authenticator to generate time-based and hash-based one-time passwords for multi-factor authentication. It utilizes a KeePass-compatible database engine to ensure data portability and supports keyfile-based authentication to increase decryption entropy. The project covers broader capabilities including automated credential
Automatically locks the credential database based on system sleep, idle time, or user logout.
This project is a Java persistence generator and database mapping tool designed to produce boilerplate persistence layer code. It translates database schemas and column comments into structured Java annotations and mapping files, replacing the need for manual configuration writing. The tool provides a visual interface for generating code and manages secure database access through SSH tunneling. It allows users to connect to private databases via encrypted tunnels to safely extract schemas without exposing the database to the public internet. The system includes capabilities for database sche
Provides secure connectivity to private database endpoints through encrypted SSH tunnels for safe schema extraction.
This is a Backend as a Service SDK for Apple platforms, providing a collection of libraries that connect iOS and macOS applications to cloud databases, authentication services, and serverless infrastructure. It serves as a developer kit for integrating real-time data synchronization, file storage, and push notifications into native apps. The SDK is distinguished by its generative AI integration, which routes text and multimodal prompts between on-device models and cloud-hosted large language models. It further differentiates itself with a specialized app distribution tool for managing pre-rel
Protects database access by enforcing security rules and IAM policies based on authenticated identity.
AliSQL is a fork of MySQL by Alibaba that extends the relational database management system with enhancements for high performance, scalability, and enterprise-grade availability. It retains the core MySQL identity as a SQL-based database for storing, organizing, and retrieving structured data, while adding optimizations for large-scale transactional and analytical workloads. The project differentiates itself through a set of Alibaba-specific improvements, including a columnar engine for accelerating analytical queries directly on MySQL tables, and a distributed, shared-nothing NDB Cluster en
Authenticates users and grants or denies permissions on databases, tables, and columns to control read and write access.
Webmin is a web-based administration interface for Unix systems. It provides a centralized console for managing the full range of server administration tasks — users and groups, software packages, storage, network configuration, system services, and security — all through a browser. Its modular architecture allows separate modules to handle databases (MySQL, MariaDB, PostgreSQL), web servers (Apache), DNS (BIND), email (Sendmail, Dovecot), file sharing (Samba, NFS), and more, with a unified access control system that restricts what each administrator can see and do. What sets Webmin apart is
Manages PostgreSQL users and groups, restricts client connections by host, and grants fine-grained privileges on tables and views.
Pigsty 是一个全面的数据库基础设施编排平台,旨在自动化高可用 PostgreSQL 集群的全生命周期。它作为一个基础设施即代码(IaC)框架,通过幂等 Playbook 管理集群协调、节点配置与服务发现。通过集成分布式共识机制,该平台确保了在包括裸机与虚拟化基础设施在内的多样化环境中,自动化故障转移与一致的状态强制执行。 该平台通过一套超越标准数据库管理的强大运营能力脱颖而出。它具备内置的观测流水线,将指标、日志与追踪聚合到集中式仪表盘中,用于实时性能监控与诊断分析。此外,它还提供了一个模拟专有线路协议与 SQL 语法的迁移框架,允许将遗留企业数据库工作负载集成到现代关系型环境中。 该系统涵盖了广泛的功能面,包括带有写时复制(CoW)克隆以实现快速部署的高级存储管理,以及协调关系型引擎与缓存及对象存储服务的多数据库编排。它还整合了安全加固、自动化备份与恢复,以及通过分层代理进行的流量路由,以将客户端连接与底层集群拓扑解耦。 该项目以自包含的包镜像模型分发,能够在安全或离线环境中实现一致的部署与依赖管理。
Enforces security best practices by automating certificate authority management, SSL encryption, and granular access control rules.
deployd 是一个实时 API 框架和 MongoDB 后端即服务 (BaaS),允许创建在客户端和服务器之间同步数据和事件的网络化接口。它作为一个 JavaScript API 中间件,可以与 HTTP 服务器集成,以提供身份验证、请求拦截器和实时功能。 该项目具有一个自托管的 API 管理仪表板,用于通过 Web 界面配置资源设置、管理数据集合和监控服务器状态。它包括一个实时数据同步引擎,使用 Socket 将实时数据库更新推送到连接的客户端。 该系统涵盖了具有模式验证和递归查询的后端数据管理,以及跨无状态请求和持久连接跟踪会话的用户身份验证工作流。它还提供实时事件广播、通过模块扩展自定义 API 中间件以及管理访问控制的功能。 该项目包含一个用于引导新项目和运行开发服务器的 CLI。
Restricts direct database API calls from untrusted clients to ensure only authorized data access is permitted.
Ockam 是一个零信任网络框架,旨在通过基于身份的网络覆盖层来保护分布式应用之间的数据传输。它提供了建立双向认证和端到端加密连接所需的基础原语,从而消除了对传统网络层安全性的依赖。 该项目的特点是使用基于属性的访问控制和可验证凭证来大规模管理信任。它实现了加密身份轮换以保持身份连续性,并与硬件支持的密钥管理系统集成,从而将私钥安全地存储在安全隔离区或云密钥管理服务中。 该平台涵盖了广泛的功能,包括多跳二进制路由和基于中继的网络桥接,以连接不同的网络。它可以将传统的 TCP 或 Kafka 流量封装在安全隧道中,使私有服务能够在不暴露监听端口的情况下进行通信。此外,它还采用有状态的 Actor 模型,在分布式节点间异步处理消息。 部署方面,它支持通过基础设施即代码 (IaC) 模板在云环境中配置安全节点和网关。
Provides secure, encrypted tunneling for database clients to access private database instances.
TablePro is a cross-platform database management client designed for browsing, querying, and administering both SQL and NoSQL databases. It functions as a unified workspace that integrates a code-centric SQL editor with schema visualization tools, allowing developers to manage complex data models and execute queries across diverse database engines. The application distinguishes itself through an agentic AI integration layer that connects language models directly to database tools, enabling automated query generation, optimization, and error fixing with configurable approval gates. It features
Enforces per-connection security policies ranging from read-only modes to biometric authentication requirements to prevent accidental data modification.
这是一个 Kubernetes Operator,旨在通过声明式配置部署和管理生产级 PostgreSQL 数据库集群。它作为一个控制器,将数据库集群的实际状态与期望状态同步,提供了一个用于高可用性编排、自动化备份与恢复以及容器化数据库管理的系统。 该 Operator 的特色在于其全面的数据保护套件,支持时间点恢复、到云对象存储的多模式备份以及集群克隆。它使用分布式共识实现自动化故障转移,确保持续可用性,并通过集成的连接池支持复杂的流量管理。 该项目涵盖了广泛的操作功能,包括同步和异步复制、通过专用监控堆栈进行遥测收集,以及具有自动化 TLS 证书轮换的安全身份管理。它还提供了用于存储卷扩展、数据库引擎更新以及集成各种数据库扩展的工具。 该控制器使用可自定义的清单安装到集群中,以实现数据库环境的声明式编排。
Defines database users and assigns specific access permissions and role attributes.
Tenancy is a multi-tenancy framework for Laravel applications designed to support SaaS architectures. It provides a comprehensive system for implementing tenant data isolation, allowing developers to choose between dedicated multi-database schemas or single-database scoping via traits. The project distinguishes itself through a robust resource isolation model that extends beyond the database to include filesystems, Redis stores, and caches. It features an event-driven lifecycle orchestrator for automating tenant provisioning and a flexible identification middleware that resolves tenants via d
Grants a database user access to both central and tenant-specific databases for cross-environment operations.
MongoDB Python Driver 是一个客户端库和 NoSQL 数据库客户端,用于使用 Python 编程语言执行 CRUD 操作并管理 MongoDB 数据库中的数据。它作为一个数据库连接库,处理身份验证和连接池,同时还提供了一个用于管理嵌入索引并基于语义相似度检索数据的向量搜索客户端。 该驱动程序支持同步和异步数据库驱动模型,以执行非阻塞 I/O 操作并从数据库集群流式传输数据。它的独特之处在于专门的搜索能力,包括全文搜索和执行向量搜索以基于数学相似度检索数据。 其更广泛的能力涵盖数据存储和同步,包括多阶段聚合管道、索引生命周期管理和 BSON 二进制序列化。该库还实现了安全原语,如客户端字段级加密、TLS 连接安全以及与云身份提供商的集成。其他功能包括通过文件系统接口进行的大文件存储和实时数据变更监控。
Implements client-side field level encryption and secure authentication to protect sensitive data.
BLEUnlock 是一款 macOS 自动化工具和基于接近度的系统控制器,通过监控受信任的蓝牙低功耗(BLE)设备的范围,实现屏幕安全和基于硬件的自动解锁。它作为一个后台实用程序,通过唯一标识符和信号强度识别并过滤附近设备,从而触发系统操作。 该系统自动管理屏幕锁定状态,当配对设备进入定义的信号范围时唤醒显示器并解锁计算机,或者当设备移出范围时锁定屏幕并启动屏幕保护程序。 除了安全性之外,该工具还提供基于接近度的系统管理功能,包括在锁定和解锁事件发生时暂停或恢复媒体播放,以及执行自定义用户定义的 Shell 脚本。
Automatically locks the computer when a recognized Bluetooth Low Energy device moves out of range.
RavenDB is a multi-model NoSQL document database designed for high-performance, ACID-compliant data storage. It persists structured information as schema-flexible JSON documents and utilizes a unit-of-work session pattern to track entity changes and batch modifications into atomic transactions. The platform is built on a distributed architecture that supports horizontal scaling through sharding and ensures high availability via multi-node, master-to-master cluster replication. The database distinguishes itself through a self-optimizing query engine that automatically creates and maintains ind
Provides secure, audited database connectivity through mutual authentication and full at-rest encryption.
adminMongo is a graphical management tool designed for the administration of MongoDB databases. It provides a visual interface for managing databases, collections, and documents, allowing users to perform administrative tasks such as creating and organizing data structures, managing indexes, and executing queries to retrieve or filter records. The application functions as a cross-platform desktop client, utilizing a containerized environment to provide a standalone experience on major operating systems. It distinguishes itself by integrating server monitoring capabilities, which track perform
Configures and protects remote or local MongoDB connections with authentication and session management to prevent unauthorized access.
TheHive is a security incident response platform and multi-tenant case management system. It functions as a Security Orchestration, Automation, and Response (SOAR) tool and a threat intelligence platform designed to coordinate security investigations by managing alerts, cases, and observables. The platform is distinguished by its multi-tenant architecture, which isolates data across different organizations while supporting selective cross-tenant sharing. It features a SOAR automation engine capable of executing sandboxed JavaScript logic to automate workflows and trigger response actions thro
Protects underlying database and indexing backends using password-protected authentication.
Sqlit is a terminal-based SQL client and database explorer designed for executing queries and managing database connections. It functions as a command line interface that provides syntax highlighting, command history, and a terminal user interface for rendering results. The tool features a discovery engine that scans local Docker sockets to automatically identify and resolve connection details for active database containers. It handles secure access through encrypted SSH tunnels and integrates with external secrets managers to retrieve credentials. The project includes capabilities for data
Secures database connectivity using encrypted SSH tunnels and external secrets managers.