Documentation | Latest releases | Get support
Tempel
Data security framework for Clojure
Tempel is a lightweight encryption framework that wraps the JVM's native crypto facilities to provide a high-level Clojure API that is: idiomatic, simple, and easy-to-use even for non-experts.
It incorporates best practices and reasonable defaults to help simplify many common data security needs.
Latest release/s
2024-02-011.0.0-beta1: release notes
See here for earlier releases.
Why Tempel?
- Easy-to-use, high-level API focused on common tasks like logins, encryption, signing, etc.
- Reasonable defaults including choice of algorithms and work factors
- Future-proof data formats with auto-updated algorithms and work factors over time
- Support for ⧉ symmetric, ⧉ asymmetric (public-key), and ⧉ end-to-end (E2EE) encryption
- Automatic ⧉ scrypt and ⧉ pbkdf2 support for easy password-based key stretching
- Simple key management API for password resets, key rotations, etc.
- Beginner-oriented documentation and docstrings
- Comprehensive test suite with >60k unit tests
Note that Tempel is not intended for interop with other cryptographic tools/APIs.
Roadmap
Tempel has a fixed scope, and is fully complete. I'm happy with its design and implementation, and believe it meets all its objectives in its current form. I'm not anticipating significant changes.
Still, given the sensitivity of the problem domain, I plan to approach Tempel's official stable release as a phased rollout to allow time for feedback before locking things down:
| Phase | Date | Release | Appropriate for |
|---|---|---|---|
| 2023-11 | v1.0-alpha | Dev/testing with disposable data | |
| ➤ | 2024-02 | v1.0-beta | Dev/testing with disposable data |
| 2024-03 | v1.0-RC | Staging, with ephemeral or low-value data | |
| 2024-06 | v1.0 final | Production, with real data |
v1.0 final will be considered "done"- the library is expected to need+see only minimal maintance from that point.
Disclaimer
Important: while Tempel has been written and tested with care, the nature of the problem domain inevitably means that bugs and/or misuse can be especially harmful and/or easy to make.
Bugs and/or misuse could lead to security vulnerabilities or even permanent data loss.
Please be very careful evaluating Tempel and/or other cryptographic libraries/frameworks before use, especially new libraries/frameworks like Tempel!
Security
See here for security advisories and/or to report security vulnerabilities.
Documentation
Funding
You can help support continued work on this project, thank you!! 🙏
License
Copyright © 2023-2024 Peter Taoussanis.
Licensed under EPL 1.0 (same as Clojure).
Can you improve this documentation?Edit on GitHub
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close