Open Source · BSD-3-Clause-Clear

Protect the Data,
Build the Future

Open-source data-centric security for developers. OpenTDF delivers the Trusted Data Format (TDF) specification, foundational services for key management and access control, and SDKs — the building blocks to cryptographically bind protection directly to your data, wherever it goes.

Explore the standard. Prototype custom applications. Build architectures where security travels with the data, not the network.

encrypt.ts
import { OpenTDF } from '@opentdf/sdk';

// authProvider is assumed to be created earlier (its setup is not shown here).
// Connect to the platform
const client = new OpenTDF({
  authProvider,
  platformUrl: 'https://platform.example.com',
});

// Encrypt with attribute-based policy
const encrypted = await client.createTDF({
  source: { type: 'buffer', location: new TextEncoder().encode('Hello, OpenTDF!') },
  attributes: ['https://example.com/attr/classification/value/secret'],
});

// Only entities whose entitlements satisfy
// the policy will be able to decrypt.
const decrypted = await client.read({
  source: { type: 'stream', location: encrypted },
});
console.log(await new Response(decrypted).text());

Traditional Security Fails When Data Leaves the Perimeter

Firewalls, VPNs, and network policies protect the boundary — not the data. The moment a file is shared, downloaded, or moved to a new environment, those controls vanish. Access decisions remain at the perimeter, while the data moves on without them.

OpenTDF inverts this model. Policies travel with the data itself, so you can:

Revoke After Sharing

Revoke access after sharing — even after data has left your environment.

Zero-Trust Enforcement

Enforce controls in zero-trust environments — no VPN, no network dependency.

Complete Audit Trail

Maintain a complete audit trail — know who accessed what, when, and where.

This is data-centric security: protection that's embedded, not bolted on.

Built for Developers

Pick your language. Native SDKs for TypeScript, Go, and Java — plus a CLI for scripting and automation. Everything you need to get building.

  • Web SDK (TypeScript / JS): npm install @opentdf/sdk
  • Go: go get github.com/opentdf/platform/sdk
  • Java: implementation 'io.opentdf.platform:sdk:<version>'

TDF Object Structure

TDF.tdf  (zip archive)
├─ manifest.json
│  ├─ payload                  reference to payload file
│  ├─ encryptionInformation
│  │  ├─ keyAccess[]           wrapped DEK + KAS URL
│  │  ├─ method                AES-256-GCM
│  │  ├─ integrityInformation  hashes / signatures
│  │  └─ policy                ABAC attributes (Base64)
│  └─ assertions[]             optional signed statements
└─ 0.payload                   encrypted content

Standards-Based Security

Built on the proven NIST ABAC model for interoperability and compliance. OpenTDF follows established standards for attribute-based access control, ensuring your data protection strategy is future-proof and audit-ready.

  • AES-256-GCM authenticated encryption
  • NIST SP 800-162 ABAC model
  • Cryptographic policy binding
  • Open specification — not proprietary
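
The TDF object structure above can be read back without any key material, which is how a reviewer can see which KAS and which policy a file is bound to before trusting it. The following is an added example, not OpenTDF project code: it uses only the Go standard library, builds its own constructed archive, and assumes the manifest sub-field names `url` and `algorithm`, the policy JSON shape, and the KAS URL.

```go
package main

import (
	"archive/zip"
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Manifest keeps only fields named in the structure above; "url" and "algorithm" are assumed sub-field names.
type Manifest struct {
	EncryptionInformation struct {
		KeyAccess []struct{ URL string `json:"url"` } `json:"keyAccess"`
		Method    struct{ Algorithm string `json:"algorithm"` } `json:"method"`
		Policy    string `json:"policy"` // Base64-encoded policy document
	} `json:"encryptionInformation"`
}

// Inspect parses manifest.json out of TDF bytes, using no key material, and decodes the policy.
func Inspect(tdf []byte) (m Manifest, policy string, err error) {
	zr, err := zip.NewReader(bytes.NewReader(tdf), int64(len(tdf)))
	if err != nil {
		return m, "", fmt.Errorf("not a zip archive: %w", err)
	}
	f, err := zr.Open("manifest.json")
	if err != nil {
		return m, "", fmt.Errorf("no manifest.json: %w", err)
	}
	defer f.Close()
	if err = json.NewDecoder(f).Decode(&m); err != nil {
		return m, "", fmt.Errorf("bad manifest: %w", err)
	}
	raw, err := base64.StdEncoding.DecodeString(m.EncryptionInformation.Policy)
	return m, string(raw), err
}

// SampleTDF builds a constructed archive holding only manifest.json: placeholder values, no real keys.
func SampleTDF() []byte {
	pol := base64.StdEncoding.EncodeToString([]byte(`{"body":{"dataAttributes":[{"attribute":"https://example.com/attr/classification/value/secret"}]}}`))
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	w, _ := zw.Create("manifest.json")
	fmt.Fprintf(w, `{"encryptionInformation":{"keyAccess":[{"url":"https://platform.example.com/kas"}],"method":{"algorithm":"AES-256-GCM"},"policy":%q}}`, pol)
	zw.Close()
	return buf.Bytes()
}

func main() { fmt.Println(Inspect(SampleTDF())) }
```

The policy and KAS URL are readable by anyone holding the file; only the payload and the wrapped DEK are protected, so attribute names themselves should not carry sensitive information.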

Join the Movement

Open source, open community. Shape the future of data-centric security with developers, security professionals, and organizations from around the world. Contribute code, share ideas, and help build the next generation of data protection.

Ready to Protect Your Data?

Choose your path and start building with OpenTDF today.