Open-source, data privacy vault to store and manage PII in a fully compliant manner.
Thorn is an open source, data privacy vault that uses encryption, tokenisation & configurable access control to meet security, compliance, residency requirements. Bake compliance with GDPR, CCPA and other privacy compliance laws into your architecture and protect your customer's data.
- Restful Service RESTful APIs that work with any language or framework
- Highly Performant Designed from the ground up for high performance and ultra low latency usecases
- Run Anywhere Cloud, on-premise, or serverless, Subrose can run anywhere, no vendor lock-in, no strings attached
- Audit Logs Every action on the vault is logged with full context
- 🔜 1-Click Deploy to cloud providers
- 🔜 Automatic Secret Rotation custom encryption providers (Hashicorp Vault/NaCl secretbox)
- 🔜 PII types pre-configured PII types
And more.
Warning Thorn is currently in pre-alpha and not ready for usage, however contributions and discussions are more than welcome at this stage.
To spin up the development enviroment:
docker-compose up
This will spin up the thorn api and postgres for data storage. Full development guide coming soon.
Subrose makes privacy engineering & compliance straightforward by default. We're on a mission to make data privacy and compliance easy for all developers.
If you care about protecting your customer's data, complying with regulation and having a secure by default then Subrose is right for you.
We are currently working hard to make Subrose more extensive and adding features by the day. Need any integrations or want a new feature? Feel free to create an issue or contribute directly to the project.
- GitHub Discussions (For getting help, providing feedback or discussing privacy engineering.)
- GitHub Issues (For any bugs and errors you encounter using Subrose)
- Twitter (For realtime updates)
- Linkedin (For company information)
This repo is available under the MIT expat license. See the LICENSE file for more info.
Looking to report a security vulnerability? Please don't post about it in GitHub issue. Instead, refer to our SECURITY.md file.
Contributions in all forms are welcome!