Citadel

Encrypted-first embedded database engine that outperforms unencrypted SQLite.

AES-256-CTR + HMAC-SHA256 on every page. Written in Rust.

View on GitHubTry in Browser

Encrypted at Rest

AES-256-CTR or ChaCha20, HMAC-SHA256 per page. No plaintext ever touches disk.

Full SQL Engine

JOINs, subqueries, CTEs, UNION/INTERSECT/EXCEPT, aggregates, indexes, constraints, ALTER TABLE.

ACID Transactions

Copy-on-Write B+ tree with shadow paging. Snapshot isolation, no WAL.

P2P Encrypted Sync

Merkle tree diffing over Noise protocol. Forward secrecy with ephemeral keys.

Cross-Platform

Windows, Linux, macOS, and more. C FFI and WebAssembly bindings.

Self-Contained

Single-file database. No external services, no runtime, no config.

Quick Start

cargo add citadeldb citadeldb-sql
use citadel::DatabaseBuilder;
use citadel_sql::Connection;

let db = DatabaseBuilder::new("my.db")
    .passphrase(b"secret")
    .create()?;

let mut conn = Connection::open(&db)?;
conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL);")?;
conn.execute("INSERT INTO users (id, name) VALUES (1, 'Alice');")?;
let result = conn.query("SELECT * FROM users;")?;

Recent Posts