End-to-end secure data storage, processing, and sharing framework with zero trust to storage/exchange infrastructure.

Hermes is AGPL-licensed. Special business-friendly licensing is also available.

Github Product sheet

Crafted with your platform in mind

Secure

End-to-end security.

Integration

Easy integration library and infrastructure.

Storage

Works with any storage scheme.

Hermes provides:

1 Client-centric trust
2 Compatibility with any storage model
3 State/callback integration

End-to-end data security
Hermes is built for applications where the client side is the only trusted entity. Client applications are responsible for data encryption and access control through using Hermes engine, while the server-side knows nothing about the nature of data.

Data model-agnostic
Hermes imposes no limitations on data structure/database choice. Hermes fits anything you use – lists of files, rows in a database, structured documents, etc. Adding new storage types can be as easy as adding 10 lines of code.

Cryptographically bulletproof
Unlike typical ACL and role management schemes, the access control in Hermes relies completely on cryptography, where trust is bound to client’s keys. As long as the keys are safe – the system is safe..

Security cornerstone
With a solid security foundation on the data layer, building other security controls gets easier, the risk model becomes precise, and the overall security cost goes down considerably.

Favourable use

Open-source

Secure the data in GPL-friendly open-source software designed to provide greater privacy for the users.

The GPL version of Hermes comes free of charge for GPL-friendly projects.

If you’re building something that’s exciting and is helping the world to become a better place – let us know, we’re avid supporters of open-source and might get in touch to help you with your project.

Healthcare

Share FHIR and other medical records safely and distribute granular access to personnel in a secure way. Cut HIPAA costs by pushing many security controls to the encryption layer.

Finance

Store and process customer payment data securely, minimise insider threats and enable secure, accountable cross-organisation data exchange.

Enterprise

Protect commercially sensitive data and enforce access control, integrate with existing PKI and IAM stack, enforce group policies and efficient key/storage management – all the while keeping the data end-to-end encrypted.

B2C: Customer apps

Instill greater trust in your product by implementing end-to-end encryption of customer data. It’s not only E2EE messengers that deserve the right to use user trust as competitive advantage. Implement it in your products or infrastructure, hassle-free.

Build with Hermes

Cryptographic access control engine
Deploy Hermes to build cryptographic access control in your application: regulate read and write access through a cryptographic scheme resistant to privilege escalation.

Secure distributed collaboration and data sharing enabler
Hermes is a cryptography-based method of providing protected data storage and sharing that allows the enforcement of cryptographically-checked permissions between any number of Hermes clients.

Multi-user object store
Build end-to-end secure document/object stores where every document or field’s access rights can be granted to any registered user of the system, transparently, and with low overhead.

Security layer for complex data exchange
Collaborating securely when a document is one blob of data is straightforward, but a modern object/document is actually a large tree-like structure. Hermes was designed precisely for today’s applications.

Get started with Hermes

See Hermes documentation for more info and how-tos

Scientific paper Implementation paper Docs GitHub Product sheet

Available for:

Swift Android Web Php Nodejs Ruby Java