rvault: secure and authenticated store for secrets and small documents

Very simple envelope encryption library

Transparent property-level encryption for EF Core with envelope encryption and key rotation.

The Eonian Secrets Locker provides in-app decryption of encrypted secrets at runtime. Encrypted secrets can be on the class path, the file system, or in AWS S3. Secrets are decrypted into Java Strings or Properties. Their plaintext is not written to disk. The library provides interfaces which can be implemented by different encryption providers.

Obsidian plugin for transparent encryption of secret blocks and binary files using AWS KMS. Zero plaintext on disk.

Stream-encrypted file vault featuring AES-256-GCM envelope encryption, license-based access control, direct S3 streaming, encryption key versioning/rotation with boot-time checks, and full test coverage.

A Go-based proxy that provides transparent encryption/decryption for S3 objects with envelope encryption.

코드 변경 없이 마스킹·암호화·위변조 방지를 지원하는 로깅 SDK

Ruby bindings for the envelopers envelope-encryption library

Lokki - Aplikasi password manager desktop (Java Swing). Projek akhir PBO yang iseng dikembangin jadi beneran. 100% lokal, enkripsi AES-256-GCM.

Secure arbitrary objects in localStorage using AES-GCM envelope encryption with device-bound KEK (IndexedDB) or Argon2id-derived KEK (master password).

A compliance-hardened NestJS data vault featuring AES-256-GCM application-layer encryption and tamper-evident audit trails.

Post-quantum protected configuration and secrets management for .NET.

A SaaS secure VCS (based on Git) for confidential repositories

Rust library and HTTP service for field-level encryption with pluggable key providers — AWS KMS, HashiCorp Vault / OpenBao, or self-hosted. Envelope encryption, per-tenant isolation, AES-256-GCM.

Safety — Client-side encryption and request anonymization. AES-256-GCM envelope encryption. Keys never leave the client.

MCP server for IBM Z mainframe integration -- Key Protect HSM key management (FIPS 140-2 Level 3) and z/OS Connect REST APIs to CICS, IMS, and batch programs

Opinionated authenticated-encryption envelopes for TypeScript. AEAD + AAD + key commitment + canonical JSON + tiered key management. Makes best-practice cryptography accessible to application developers while preventing common implementation mistakes.

Per-tenant encryption for multi-tenant SaaS. No KMS. No infra.

CryptoRAG: vector search + queryable encryption + client side field level encryption 🤖