rvault: secure and authenticated store for secrets and small documents
-
Updated
Mar 29, 2026 - C
rvault: secure and authenticated store for secrets and small documents
Very simple envelope encryption library
Transparent property-level encryption for EF Core with envelope encryption and key rotation.
Obsidian plugin for transparent encryption of secret blocks and binary files using AWS KMS. Zero plaintext on disk.
The Eonian Secrets Locker provides in-app decryption of encrypted secrets at runtime. Encrypted secrets can be on the class path, the file system, or in AWS S3. Secrets are decrypted into Java Strings or Properties. Their plaintext is not written to disk. The library provides interfaces which can be implemented by different encryption providers.
Stream-encrypted file vault featuring AES-256-GCM envelope encryption, license-based access control, direct S3 streaming, encryption key versioning/rotation with boot-time checks, and full test coverage.
A Go-based proxy that provides transparent encryption/decryption for S3 objects with envelope encryption.
Ruby bindings for the envelopers envelope-encryption library
코드 변경 없이 마스킹·암호화·위변조 방지를 지원하는 로깅 SDK
Lokki - Aplikasi password manager desktop (Java Swing). Projek akhir PBO yang iseng dikembangin jadi beneran. 100% lokal, enkripsi AES-256-GCM.
Secrets vault & self-hosted KMS for AI agents — client holds only ciphertext, master key lives in a separate mTLS daemon.
Batteries-included Go cryptography library: AES-256-GCM & ChaCha20-Poly1305 authenticated encryption, argon2id/bcrypt password hashing, HMAC & Ed25519 signing, HKDF, key rotation, KMS envelope encryption, and secure random — safe defaults, stdlib-only, byte-for-byte interop with the TypeScript crypt-ts.
Transparent client-side encryption proxy for S3 — AES-256-GCM envelope encryption, zero code changes, Kubernetes-native with Helm chart
Secure arbitrary objects in localStorage using AES-GCM envelope encryption with device-bound KEK (IndexedDB) or Argon2id-derived KEK (master password).
A compliance-hardened NestJS data vault featuring AES-256-GCM application-layer encryption and tamper-evident audit trails.
A SaaS secure VCS (based on Git) for confidential repositories
A key management system with envelope encryption: keys, rotation, DEK/KEK envelope crypto, sealed secrets, and an audit log.
Crypto-shredding + proof-of-deletion engine: per-record AES-256-GCM keys, envelope encryption, and a signed, tamper-evident, offline-verifiable Certificate of Erasure. Provable GDPR/HIPAA data erasure. Zero dependencies.
Rust library and HTTP service for field-level encryption with pluggable key providers — AWS KMS, HashiCorp Vault / OpenBao, or self-hosted. Envelope encryption, per-tenant isolation, AES-256-GCM.
Safety — Client-side encryption and request anonymization. AES-256-GCM envelope encryption. Keys never leave the client.
Add a description, image, and links to the envelope-encryption topic page so that developers can more easily learn about it.
To associate your repository with the envelope-encryption topic, visit your repo's landing page and select "manage topics."