Cybersecured Open-Source NoSQL Database

Cybersecured Database designed for Data Loss Prevention
that Developers, Administrators, Cybersecs and Managers love ♥

For Developers

  • quick start for newjoiners, easy software development
  • clean, readable and maintanable code of your apps, while keeping them secure
  • works on schemaless JSON (schema is an option, not requirement)
  • automatic data conflicts resolution (as an option)
  • observable data streams - watch for changes

For IT Administrators

  • quick and easy setup
  • secured by default
  • consistent data without clustering (no split-brain problems)
  • can work on existing infrastructure and stack
  • easy backup (filesystem snapshot)
  • both On-Premise-friendy and Cloud-friendly

For Cybersec Specialists

Reduce negative effects of the following attacks:
  • database or application server hack
  • infrastructure/hosting/cloud provider hack
  • lost/stolen backup
  • internal threat (including IT administrators and programmers)

For Business Managers

  • security first
  • low-cost deployment
  • better data protection
  • auditable history that is hard to tamper
  • quicker and cheaper development
  • be more compliant with General Data Protection Regulation (GPDR) and California Privacy Rights Act (CPRA)


SecuDB is an open-source secure by default database that stores encrypted JSON data using signed chain-like structure (log of changes stored as interconnected previous-next list of records) in a filesystem-based storage, including NAS (CIFS/SMB/Samba) or AWS S3.



SecuDB stores metadata about changes including audit trail and keeps whole history, that helps to answer important questions: Who? When? What? Why?

Schemaless or Schema-based

SecuDB is a NoSQL schemaless database that natively handles JSON data, which makes it very easy to integrate with any new or existing application. But it's possible to add optional schema layer on top of it in Enterprise edition.

Events, Entities, Files...

SecuDB can be used both to store Events (standalone unmodifiable occurences), versioned Entities/Objects (modifiable structures) and Files (blobs). So you can use SecuDB in an Event-Sourcing way or as a Object/Document Store or as a versioned File Store that allows to apply modifications while keeping whole changelog - however you like. You can even mix all the ways!

Encryption & Signatures

  • Node (Server or Embedded Engine) is chain-linking all new records with previously stored and signing it using node's signature private key
  • Uses AES-256 encryption to transform data before saving in the storage (symmetric key shared accross nodes)
  • Optionally it is possible to turn on end-to-end encryption for clients
  • Optionally it is possible to turn on and enforce signatures by clients

Optimistic Locks and Auto-Merge

SecuDB supports both optimistic locking (will cancel the transaction if there was concurrent change) and automatic conflicts resolution mechanism by merging changes to the stored version of an Entity. Again, You choose! With SecuDB it is easier to create applications that allows offline modifications.

Huge blobs and deduplication

For data deduplication and making sure that the large binaries (files) or immutable parts won't be transferred multiple times, SecuDB implements its own Blobs managing mechanism. Blobs are defined as attachments/relations for Events and Entities. And you can also store versioned files with meta properties as specific Entities!

REST API and GraphQL

To easily integrate with frontend code, SecuDB provides REST API and basic schemaless GraphQL support. Be aware that client signatures and end-to-end encryption may require usage of dedicated SecuDB Client Library.


  • In-Memory
  • Local filesystem
  • NAS (CIFS/SMB/Samba)
  • AWS S3 or compatible
... and even more soon

Supported Languages

  • JVM (Java, Kotlin, Scala) - the Engine and JVM Client natively implemented in Java
  • JavaScript/TypeScript client - should work fine for web applications and SPA (JS/Vue/Angular/React), hybrid mobile applications (Cordova/Ionic) and desktop applications (Electron, NW.js), as also in Javascript-based servers and command-line tools (Node.js)
... and even more soon


SecuDB supports transactional changes (e.g. to perform atomitic modification of two separate Entities). Even without complex transactions it ensures that a single Entity is modified atomitically.

Two-Phase Commits

SecuDB allows to implement two-phase commit flow to orchestrate multiple changes in distributed systems. Precommit tries to temporarily commit current transaction state and, until specified deadline, locks elements that were used in the transaction (in shared read or exclusive read/write mode) to ensure that no other commit will overwrite them.

Resumable Commits

Transactions may be temporarily commited (precommited) and resumed even on another machine using it's transaction identifier. Until specified deadline, locks will be kept for elementes used in the transaction.

Open Source

Most of SecuDB source code has been written in Java and made publicly available as Open Source in GitHub. Additionally, client libraries in different languages are also available.

Run Server or Embed Engine (JVM)

SecuDB Engine can be embedded into any Java application (server, desktop, command-line) so there is no need to start additional server. Embedded Engine works as a single node. Multiple nodes (Engines or Servers) may run in parallel on the same storage without awareness of themselves and without any worry about data consistency (as long as underlying storage supports atomic operations).

Java JPA Support

Optional SecuDB Persistence module implements subset of Jakarta Persistence API (formerly Java Persistence API) to support transactional handling on POJOs (Plain Old Java Objects) in a easy and standardized way. It automatically handles relations between Entities and stores blobs from marked fields! It should be easy to migrate any JPA-based application, as also to speed up new development in Java. Read more...

Getting started

Visit project at GitHub: for more details, setup instructions and examples.

SecuDB Editions

Feature Community
Cloud / Hosting
Secure using encryption and signatures
Basic Authentication
JWT (Json Web Token) Authentication
Authorization (restrict who can do what)
Web Administration Interface
Monitoring Tools
Professional Support (email & phone)
Dynamic Configuration
Quotas and Statistics API
Proactive Automated ASAP+ Support
Community edition is free for both personal and commercial use (LGPL 3).
Interested in Enterprise or Cloud / Hosting edition? Contact us!