awesome-repositories.com
博客
awesome-repositories.com

通过 AI 驱动的搜索,发现最优秀的开源仓库。

探索精选搜索开源替代品自托管软件博客网站地图
项目关于排名机制媒体报道MCP 服务器
法律隐私政策服务条款
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

125 个仓库

Awesome GitHub RepositoriesSensitive Data Access Controls

Mechanisms for enforcing granular access policies on sensitive data and credentials.

Distinguishing note: Focuses on the access control policy enforcement rather than the storage itself.

Explore 125 awesome GitHub repositories matching security & cryptography · Sensitive Data Access Controls. Refine with filters or upvote what's useful.

Awesome Sensitive Data Access Controls GitHub Repositories

用 AI 发现最棒的仓库。我们将通过 AI 为您搜索最匹配的仓库。
  • awesome-selfhosted/awesome-selfhostedawesome-selfhosted 的头像

    awesome-selfhosted/awesome-selfhosted

    299,516在 GitHub 上查看↗

    这是一个由社区策划的开源软件目录,专为在私有服务器环境和家庭实验室中部署而设计。它作为发现主流云服务独立自托管替代方案的综合资源,使用户能够保持对数字基础设施的完全数据所有权和控制权。 该目录通过层级分类法构建,将庞大的应用程序集合组织成逻辑类别,范围从媒体管理和数据分析到私有通信和团队生产力工具。它通过协作同行评审流程脱颖而出,社区成员验证每个提交的质量和相关性,以确保目录保持准确和可靠。 该项目涵盖了广泛的能力领域,包括基础设施自动化、基于容器的服务部署和声明式配置管理。这些工具协助用户维护可复现的服务器环境,并管理私有硬件上的复杂服务依赖。 该目录作为版本控制仓库进行维护,确保所有更新和社区驱动的变更都是可追踪且透明的。

    Enables the sharing of private data through encrypted, self-destructing links that expire after a specific time or single use.

    awesomeawesome-listcloud
    在 GitHub 上查看↗299,516
  • facebook/reactfacebook 的头像

    facebook/react

    245,669在 GitHub 上查看↗

    React 是一个用于构建用户界面的 JavaScript 库,采用组件化架构和单向数据流。

    Blocks high-entropy values from being passed to client components by registering them with a lifetime.

    JavaScriptjavascriptuifrontend
    在 GitHub 上查看↗245,669
  • affaan-m/eccaffaan-m 的头像

    affaan-m/ECC

    221,981在 GitHub 上查看↗

    ECC 是一个 LLM 智能体编排框架和跨平台 AI 工具套件,旨在协调多模型工作流。它提供了一个用于管理专业智能体角色、可复用技能和结构化规划的系统,以在不同的 AI 驱动代码编辑器中执行复杂的软件开发任务。 该项目作为模型上下文协议(Model Context Protocol)管理器脱颖而出,提供了一个配置层来集成外部服务器并审计工具执行。它进一步实现了一个智能体安全沙箱,限制敏感文件访问并扫描密钥泄露,以保护自主工作流。 该框架涵盖了广泛的能力领域,包括带有测试驱动开发护栏的 AI 编码工作流自动化、通过智能路由实现模型成本优化以及状态隔离的内存管理。它还包括用于强制执行特定语言编码标准和管理跨各种集成开发环境的智能体行为的工具。 该系统通过命令行界面进行管理,该界面处理工具安装、配置修复和工具预设的部署。

    Blocks agents from reading sensitive files like environment variables to protect security credentials.

    JavaScript
    在 GitHub 上查看↗221,981
  • garrytan/gstackgarrytan 的头像

    garrytan/gstack

    110,596在 GitHub 上查看↗

    gstack is an AI agent framework and development workflow system designed to automate the software development lifecycle. It coordinates specialized AI personas to manage tasks across product design, engineering management, and quality assurance, transforming product intent into technical specifications and final releases. The project is distinguished by its deep integration of headless browser automation and semantic code memory. It utilizes a persistent Chromium daemon for web scraping and visual auditing, and implements a searchable knowledge base that logs architectural decisions and repos

    Enforces access policies to block credentials and PII from being sent to external APIs.

    TypeScript
    在 GitHub 上查看↗110,596
  • doocs/advanced-javadoocs 的头像

    doocs/advanced-java

    78,987在 GitHub 上查看↗

    This project is a comprehensive Java backend engineering guide and technical reference focused on high-concurrency design, distributed systems, and microservices architecture. It provides detailed strategies for decomposing monolithic applications, managing service discovery, and implementing the architectural patterns required for scalable backend environments. The repository distinguishes itself through an extensive collection of big data algorithmic references and database scaling strategies. It covers memory-efficient techniques for analyzing massive datasets, such as Top-K element extrac

    Protects sensitive information and service access through granular identity and access management frameworks.

    Javaadvanced-javadistributed-search-enginedistributed-systems
    在 GitHub 上查看↗78,987
  • hashicorp/vaulthashicorp 的头像

    hashicorp/vault

    35,796在 GitHub 上查看↗

    Vault is a centralized secrets management platform designed to secure, store, and control access to sensitive credentials such as API keys, passwords, certificates, and encryption keys. At its core, the system employs a barrier-based cryptographic sealing mechanism that requires an unseal process to decrypt internal storage, ensuring that sensitive data remains protected. It provides identity-based access control to manage granular permissions across distributed infrastructure, effectively centralizing security policies and authentication for both human and machine workloads. What distinguish

    Enforces granular access controls on sensitive data through programmatic and command-line interfaces.

    Gogosecretsvault
    在 GitHub 上查看↗35,796
  • chopratejas/headroomchopratejas 的头像

    chopratejas/headroom

    29,537在 GitHub 上查看↗

    Headroom is an AI gateway proxy and token optimizer designed to reduce the cost and latency of large language model interactions. It functions as an intermediary that intercepts traffic between clients and providers to apply context compression, request routing, and format translation. The system differentiates itself through a Model Context Protocol server implementation that delivers compression and retrieval tools to compatible AI hosts. It employs a content-aware compression pipeline and tiered importance scoring to trim redundant data from logs and tool outputs while preserving essential

    Prevents the storage of API keys and ensures sensitive content passes through the proxy without modification.

    Pythonagentaianthropic
    在 GitHub 上查看↗29,537
  • sipeed/picoclawsipeed 的头像

    sipeed/picoclaw

    29,430在 GitHub 上查看↗

    Picoclaw is a lightweight framework designed for the deployment and orchestration of autonomous software agents. It functions as a cross-platform runtime that packages the entire system into a single self-contained binary, enabling native execution across diverse hardware architectures including RISC-V, ARM64, and x86_64. The platform is specifically optimized for resource-constrained environments, ensuring minimal startup times and a low memory footprint. The system distinguishes itself through intelligent task orchestration, which routes incoming requests to specific inference models based

    Protects sensitive credentials by isolating them in separate configuration files to prevent accidental exposure.

    Go
    在 GitHub 上查看↗29,430
  • mongodb/mongomongodb 的头像

    mongodb/mongo

    28,158在 GitHub 上查看↗

    This project is a distributed, document-oriented database system designed to store information in flexible, hierarchical structures. It supports horizontal scaling through automated sharding and maintains high availability across global clusters using a multi-node replication protocol. By executing multi-document operations as atomic units, the system ensures data integrity and consistency across distributed environments. The platform distinguishes itself by integrating advanced vector-based indexing, which enables semantic similarity searches alongside traditional geospatial and lexical quer

    Protects sensitive information with granular access policies, encryption, and auditing.

    C++c-plus-plusdatabasemongodb
    在 GitHub 上查看↗28,158
  • marmelab/react-adminmarmelab 的头像

    marmelab/react-admin

    26,780在 GitHub 上查看↗

    React-admin is a framework for building data-driven administrative interfaces that connect to REST or GraphQL backends. It provides a comprehensive suite of tools for managing the full lifecycle of administrative applications, including resource-oriented routing, declarative form scaffolding, and context-driven state management. By utilizing a modular adapter-based architecture, the framework abstracts backend communication, allowing developers to build consistent CRUD interfaces that handle data fetching, authentication, and synchronization automatically. The project distinguishes itself thr

    Limits user permissions to specific data entries by matching record attributes against defined access rules.

    TypeScriptadminadmin-dashboardadmin-on-rest
    在 GitHub 上查看↗26,780
  • zama-ai/fhevmzama-ai 的头像

    zama-ai/fhevm

    25,215在 GitHub 上查看↗

    fhevm is a full-stack blockchain framework designed to integrate Fully Homomorphic Encryption into smart contracts. It provides a platform for developing confidential smart contracts that can process encrypted data and execute private on-chain computations without decrypting the underlying information. The framework utilizes a coprocessor system to offload resource-intensive encrypted operations to an asynchronous service, improving blockchain performance and scalability. It incorporates a secure key management service based on multi-party computation and a zero-knowledge proof verifier to en

    Provides a system for specifying encrypted data requirements and managing access control logic within smart contracts.

    Rustblockchainfheprivacy
    在 GitHub 上查看↗25,215
  • rohitg00/agentmemoryrohitg00 的头像

    rohitg00/agentmemory

    23,785在 GitHub 上查看↗

    AgentMemory is a persistent knowledge store and memory server designed to provide AI coding agents with long-term memory. It functions as a knowledge graph engine and vector database store that saves and recalls project context, architectural decisions, and patterns across different sessions. The system distinguishes itself by using a tiered-memory consolidation pipeline that compresses raw observations into episodic, semantic, and procedural layers to optimize token usage. It employs a hybrid retrieval strategy combining keyword matching, vector embeddings, and graph traversal to surface rel

    Strips API keys and secrets from captured observations before storage to ensure privacy.

    TypeScriptagentmemoryagentsai
    在 GitHub 上查看↗23,785
  • vectordotdev/vectorvectordotdev 的头像

    vectordotdev/vector

    22,071在 GitHub 上查看↗

    Vector is a high-performance observability data pipeline designed to collect, transform, and route logs, metrics, and traces across distributed infrastructure. It functions as a modular engine that decouples data ingestion from processing and transmission, utilizing a component-based architecture to connect diverse sources to multiple destinations. The project distinguishes itself through a focus on reliability and flow control. It implements backpressure-aware data movement to prevent data loss during traffic spikes and utilizes disk-backed event buffering to ensure durability during network

    Automatically detects and masks sensitive information like PII from data streams during processing.

    Rusteventsforwarderhacktoberfest
    在 GitHub 上查看↗22,071
  • modelcontextprotocol/python-sdkmodelcontextprotocol 的头像

    modelcontextprotocol/python-sdk

    21,729在 GitHub 上查看↗

    The Model Context Protocol SDK is a framework for building clients and servers that connect AI models to external data, tools, and resources using a standardized communication protocol. It provides the foundational libraries and interfaces necessary to establish reliable, transport-agnostic connections between AI agents and external systems, enabling seamless information retrieval and task automation. The SDK distinguishes itself through a robust capability negotiation handshake that ensures compatibility between connected parties before exchanging messages. It supports a pluggable transport

    Implements authorization mechanisms to restrict access to sensitive tools and data.

    Python
    在 GitHub 上查看↗21,729
  • davila7/claude-code-templatesdavila7 的头像

    davila7/claude-code-templates

    20,933在 GitHub 上查看↗

    Claude Code Templates is a comprehensive framework for orchestrating specialized AI agents and automating development workflows within local environments. It provides a structured system for defining, configuring, and deploying AI personas that handle specific technical tasks, ranging from backend architecture and frontend implementation to security auditing and infrastructure management. The project distinguishes itself through a configuration-driven approach that allows teams to standardize development environments and share reusable agent definitions across projects. It includes a robust C

    Prevents accidental inclusion of sensitive files like private keys and environment variables in version control.

    Pythonanthropicanthropic-claudeclaude
    在 GitHub 上查看↗20,933
  • qax-os/excelizeqax-os 的头像

    qax-os/excelize

    20,682在 GitHub 上查看↗

    Excelize is a library for reading and writing spreadsheet files in the Office Open XML format. It provides a comprehensive suite of tools for programmatically creating, modifying, and analyzing workbooks, worksheets, and cell data, ensuring compatibility across various office software suites through structured XML serialization. The library distinguishes itself with a built-in formula calculation engine that evaluates complex mathematical and logical expressions directly against workbook data. It also features a memory-mapped streaming architecture, which allows for the efficient processing o

    Protects sensitive spreadsheet data by applying encryption to the workbook file to restrict unauthorized access.

    Goagentaianalytics
    在 GitHub 上查看↗20,682
  • claude-code-best/claude-codeclaude-code-best 的头像

    claude-code-best/claude-code

    20,272在 GitHub 上查看↗

    Claude Code is a command-line interface and multi-agent orchestration framework designed for autonomous software engineering. It enables AI agents to perform codebase modifications, debugging, and Git workflow management while coordinating multiple specialized agents to decompose and execute complex engineering tasks in parallel. The system distinguishes itself through a high degree of isolation and safety, utilizing Git worktrees to create independent working directories for concurrent agents and implementing a tiered permission system that combines user rules, project policies, and OS-level

    Removes authorization tokens and cookies from error payloads to prevent credential leakage during telemetry export.

    TypeScript
    在 GitHub 上查看↗20,272
  • niri-wm/niriniri-wm 的头像

    niri-wm/niri

    20,069在 GitHub 上查看↗

    Niri is a Wayland compositor and tiling window manager designed for Linux systems. It functions as a display server that organizes application windows into a scrollable, column-based layout, providing a structured environment for managing graphical sessions, input routing, and hardware output. The project distinguishes itself through a declarative configuration engine that enables live-reloading of settings, allowing users to modify window rules, input bindings, and visual appearance without restarting the session. It features a physics-based animation system that uses spring-based curves to

    Protects private information by replacing specific windows with solid black rectangles during screen captures.

    Rustrustsmithaytiling-window-manager
    在 GitHub 上查看↗20,069
  • rrweb-io/rrwebrrweb-io 的头像

    rrweb-io/rrweb

    19,775在 GitHub 上查看↗

    rrweb is a DOM session recording library and serialization framework used to record and replay web sessions. It converts the state of a web page into a serializable JSON data structure and tracks mutations to reconstruct user interactions within a replay engine. The system distinguishes itself by using a sandboxed iframe for reconstruction to isolate replayed content, preventing script execution and form submissions. It ensures visual consistency through CSS inline-style flattening and provides sensitive data masking to prevent private information from being captured. The project covers a br

    Prevents specific HTML elements or text from being recorded using CSS classes or field detection.

    TypeScript
    在 GitHub 上查看↗19,775
  • p0deje/maccyp0deje 的头像

    p0deje/Maccy

    18,635在 GitHub 上查看↗

    Maccy is a lightweight clipboard manager for macOS that captures and stores text and images copied to the system clipboard. It provides a searchable interface for retrieving historical content, allowing users to access previously copied items through a keyboard-driven workflow. The application distinguishes itself by prioritizing privacy and performance through automated filtering and local data management. It employs pattern matching to identify and exclude sensitive information, such as passwords, from being saved. All history is maintained in a local database, with an in-memory index that

    Automatically filters and excludes passwords or private information from being saved in the clipboard history.

    Swiftclipboard-managermaccymacos
    在 GitHub 上查看↗18,635
上一个123456…7下一个
  1. Home
  2. Security & Cryptography
  3. Sensitive Data Access Controls

探索子标签

  • AI Edit Approvals1 个子标签Controls for requiring manual user confirmation before AI agents can modify specific sensitive files. **Distinct from Sensitive Data Access Controls:** Focuses on the approval process for AI-generated edits rather than general data access policies.
  • Automatic RedactionSecurity features that automatically detect and remove sensitive information from data streams. **Distinct from Sensitive Variable Redaction:** Distinct from general access controls: focuses on automated content filtering rather than policy-based access.
  • Consent-Based Access ControlsRequires explicit user consent for data sharing and tool execution with clear authorization interfaces. **Distinct from Sensitive Data Access Controls:** Distinct from Sensitive Data Access Controls: focuses on user consent workflows rather than policy-based access control enforcement.
  • Credential MaskingTechniques for obscuring sensitive strings and secrets in logs and configurations. **Distinct from Sensitive Data Access Controls:** Distinct from general access controls: focuses specifically on the masking of sensitive strings to prevent accidental leakage in logs.
  • Credential RedactionAutomatically removes authorization tokens and cookies from logs and error payloads before transmission. **Distinct from Sensitive Data Access Controls:** Specifically targets the redaction of credentials in logs, distinct from general access control policies.
  • Data Loss Prevention1 个子标签Monitors and controls data in motion, at rest, and in use to block or encrypt sensitive information and prevent breaches. **Distinct from Sensitive Data Access Controls:** Distinct from Sensitive Data Access Controls: focuses on monitoring and blocking data exfiltration, not just access policies.
  • Data Masking1 个子标签Replacing sensitive data fields with placeholders to prevent exposure in logs or outputs. **Distinct from Secure Data Erasure:** Distinct from Secure Data Erasure which focuses on physical storage overwriting, and Access Controls which focus on permissions.
  • Data Sensitivity Classifications1 个子标签Categorizes data into tiers such as public, internal, confidential, and restricted to apply appropriate security controls. **Distinct from Sensitive Data Access Controls:** Distinct from Sensitive Data Access Controls: focuses on the classification tiering itself, not the enforcement of access policies on already-classified data.
  • Dynamic Data MaskingReplaces sensitive information in real-time request and response bodies using patterns like regex. **Distinct from Sensitive Data Access Controls:** Distinct from Sensitive Data Access Controls: focuses on the obfuscation of data in transit rather than the policy of who can access it.
  • Dynamic Mask SwitchingThe process of selecting the most appropriate mask from a collection based on user input in real time. **Distinct from Dynamic Data Masking:** Focuses on switching between multiple input masks for UI formatting, unlike data masking for obfuscation.
  • Encrypted Data DefinitionsSystems for defining which specific data fields remain encrypted and the associated access logic. **Distinct from Sensitive Data Access Controls:** Focuses on the definition and specification of encrypted state within contracts, rather than the general enforcement of access policies.
  • Logical Access Rules2 个子标签Granular access control for specific data cells or records. **Distinct from Sensitive Data Access Controls:** Distinct from general sensitive data controls: focuses on cell-level or record-level logic within shared datasets.
  • Model Inference AttacksExtracts private training data attributes or membership status by analyzing a model's predictions. **Distinct from Sensitive Data Access Controls:** Distinct from Sensitive Data Access Controls: focuses on exploiting model outputs to infer sensitive data, not enforcing access policies on stored data.
  • Model Training Opt-InControls whether uploaded documents are used to improve underlying AI models, with discounted rates for participation. **Distinct from Sensitive Data Access Controls:** Distinct from Sensitive Data Access Controls: focuses on data usage for model training, not access control policies.
  • PII MaskingEncrypts or obscures personally identifiable information in network traffic to prevent leakage. **Distinct from Sensitive Data Access Controls:** Distinct from Sensitive Data Access Controls: focuses on the transformation/masking of data for privacy rather than access permissions.
  • Resource Access SimulationsControlled interfaces for accessing sensitive data streams to test authorization logic and access control resilience. **Distinct from Sensitive Data Access Controls:** Distinct from Sensitive Data Access Controls: focuses on simulating access for testing purposes rather than enforcing production-grade policies.
  • Secret Scrubbing1 个子标签Automated removal of sensitive credentials and API keys from data before storage. **Distinct from Sensitive Data Access Controls:** Distinct from Sensitive Data Access Controls: focuses on the destructive removal of secrets (stripping) rather than managing access permissions to them.
  • Self-Destructing Sharing1 个子标签Mechanisms for sharing sensitive data via links that expire after a set time or number of views. **Distinct from Sensitive Data Access Controls:** Distinct from Sensitive Data Access Controls: focuses on the ephemeral sharing mechanism rather than general access policy enforcement.
  • Sensitive Content Obscuration1 个子标签Replaces specific windows with solid black rectangles during screen captures to protect private information. **Distinct from Sensitive Data Access Controls:** Focuses on visual obscuration during capture rather than general data access control.
  • Sensitive Display RestrictionsUI mechanisms to prevent the automatic rendering of sensitive health data on device interfaces. **Distinct from Sensitive Data Access Controls:** Distinct from Sensitive Data Access Controls: focuses on the visual rendering layer rather than general data access policy enforcement.
  • Version Control ProtectionPrevents accidental inclusion of environment files and private keys in version control. **Distinct from Sensitive Data Access Controls:** Focuses on version control protection, distinct from general sensitive data access controls.
  • Workbook Encryption1 个子标签Protects spreadsheet files by applying encryption to restrict unauthorized access. **Distinct from Sensitive Data Access Controls:** Distinct from general sensitive data access controls: focuses specifically on file-level encryption for spreadsheet documents.