API | Wiki | Slack | Latest release: v1.0.0 (2025-11-05)
Tempel
Data security framework for Clojure
Tempel is a lightweight encryption framework that wraps the JVM's native crypto facilities to provide a particularly high-level Clojure API for easily protecting your users' data.
More than another collection of crypto utils, Tempel offers a coherent and opinionated API for secure data management that is focused on helping with the toughest parts of actually using encryption in practice.
Its tiny API and focus on smart keychains helps shield you from unnecessary and error-prone complexity, greatly simplifying the most common data security needs.
👉 Tempel is NOT intended for interop with other cryptographic tools/APIs!
Why Tempel?
- Easy-to-use, high-level API focused on common tasks like logins, encryption, signing, etc.
- Reasonable defaults including choice of algorithms and work factors.
- Future-proof data formats with auto-updated algorithms and work factors over time.
- Support for ⧉ symmetric, ⧉ asymmetric (public-key), and ⧉ end-to-end (E2EE) encryption.
- Automatic ⧉ scrypt and ⧉ pbkdf2 support for easy password-based key stretching.
- Simple key management API for password resets, key rotations, etc.
- Extensive beginner-oriented documentation, docstrings, and error messages.
- Comprehensive test suite with >60k unit tests.
Disclaimer
⚠️ Important: this software is provided "as is" and without warranty of any kind. You use it at your own risk!
While Tempel has been written and tested with care, the nature of the problem domain inevitably means that it can be easy to misuse and sensitive to bugs.
Misuse or bugs can be especially harmful - potentially leading to security vulnerabilities or even permanent data loss!
Whenever you use cryptographic libraries/frameworks (including Tempel), please test very carefully and always back up important data!
Video demo
See for intro and usage:
Quick example
(require
'[taoensso.tempel :as tempel]
'[taoensso.nippy :as nippy])
;; Create a new private `KeyChain`:
(def my-keychain! (tempel/keychain))
;; => {:n-sym 1, :n-prv 2, :n-pub 2, :secret? true}
;; Use our `KeyChain` to encrypt some data:
(def my-encrypted-data
(tempel/encrypt-with-symmetric-key
(nippy/freeze "My secret data")
my-keychain!)) ; => Encrypted bytes
;; Get back the original unencrypted data:
(nippy/thaw
(tempel/decrypt-with-symmetric-key
my-encrypted-data my-keychain!)) ; => "My secret data"
;; It's safe to store encrypted `KeyChain`s:
(def my-encrypted-keychain
(tempel/encrypt-keychain my-keychain!
{:password "My password"})) ; => Encrypted bytes
;; Get back the original unencrypted `KeyChain`:
(= my-keychain!
(tempel/decrypt-keychain my-encrypted-keychain
{:password "My password"})) ; => true
;; `KeyChain`s also support:
;; - `encrypt-with-1-keypair`
;; - `encrypt-with-2-keypairs`
;; - `sign`
;; See docstrings and/or wiki for more info!
Documentation
- Wiki (getting started, usage, etc.)
- API reference via cljdoc
- Support via Slack or GitHub issues
Security
See here for security advisories and/or to report possible security vulnerabilities.
Funding
You can help support continued work on this project and others, thank you!! 🙏
License
Copyright © 2023-2025 Peter Taoussanis.
Licensed under EPL 1.0 (same as Clojure).
Can you improve this documentation?Edit on GitHub
cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |