Liking cljdoc? Tell your friends :D

Taoensso open source
Documentation | Latest releases | Get support

Tempel

Data security framework for Clojure

Tempel is a lightweight encryption framework that wraps the JVM's native crypto facilities to provide a high-level Clojure API that is: idiomatic, simple, and easy-to-use even for non-experts.

It incorporates best practices and reasonable defaults to help simplify many common data security needs.

Latest release/s

Main tests Graal tests

See here for earlier releases.

Why Tempel?

  • Easy-to-use, high-level API focused on common tasks like logins, encryption, signing, etc.
  • Reasonable defaults including choice of algorithms and work factors
  • Future-proof data formats with auto-updated algorithms and work factors over time
  • Support for ⧉ symmetric, ⧉ asymmetric (public-key), and ⧉ end-to-end (E2EE) encryption
  • Automatic ⧉ scrypt and ⧉ pbkdf2 support for easy password-based key stretching
  • Simple key management API for password resets, key rotations, etc.
  • Beginner-oriented documentation and docstrings
  • Comprehensive test suite with >60k unit tests

Note that Tempel is not intended for interop with other cryptographic tools/APIs.

Roadmap

Tempel has a fixed scope, and is fully complete. I'm happy with its design and implementation, and believe it meets all its objectives in its current form. I'm not anticipating significant changes.

Still, given the sensitivity of the problem domain, I plan to approach Tempel's official stable release as a phased rollout to allow time for feedback before locking things down:

PhaseDateReleaseAppropriate for
2023-11v1.0-alphaDev/testing with disposable data
2024-02v1.0-betaDev/testing with disposable data
2024-03v1.0-RCStaging, with ephemeral or low-value data
2024-06v1.0 finalProduction, with real data

v1.0 final will be considered "done"- the library is expected to need+see only minimal maintance from that point.

Disclaimer

Important: while Tempel has been written and tested with care, the nature of the problem domain inevitably means that bugs and/or misuse can be especially harmful and/or easy to make.

Bugs and/or misuse could lead to security vulnerabilities or even permanent data loss.

Please be very careful evaluating Tempel and/or other cryptographic libraries/frameworks before use, especially new libraries/frameworks like Tempel!

Security

See here for security advisories and/or to report security vulnerabilities.

Documentation

Funding

You can help support continued work on this project, thank you!! 🙏

License

Copyright © 2023-2024 Peter Taoussanis.
Licensed under EPL 1.0 (same as Clojure).

Can you improve this documentation?Edit on GitHub

cljdoc is a website building & hosting documentation for Clojure/Script libraries

× close