Trusted data access
CipherStash makes sure sensitive data is accessible only to the right people at the right time. Implement robust data security without sacrificing performance or usability.
Don't choose between security and functionality.
Capture data that was too risky
Collect data based on product and business needs without compromising security.
Performance
Our benchmarks show that our encryption adds minimal overhead to operations.
Prove your security
With a cryptographically-proven audit trail, you can prove that data is encrypted and accessible only to the right people.
Empowering engineers
Our developer-first approach ensures that engineers can implement and operate CipherStash in any environment.
-- Use the same SQL operations that you do today
SELECT email_encrypted FROM users;
-- Search on encrypted data using EQL
SELECT email_encrypted FROM users WHERE email_encrypted = '[email protected]';
Encryption in use enables trusted data access.
Encryption in use keeps data encrypted even while it's queried in the database.
Works in any environment
Our encryption is based on industry-standard primitives like AES and SHA2 and is rigorously tested.
- Standard encryption, but searchable
- Encryption in use keeps data encrypted while keeping it searchable and usable, built on industry-standard primitives like AES and SHA2.
- Unique key per value
- Encrypt each value individually, which is more secure compared to other encryption solutions that use a limited set of keys for all values.
- Encryption as access control
- When your database is breached, the data remains encrypted and unreadable without the proper keys. Even if your keys are breached, decryption makes noise in your audit logs.
- Meet compliance, enable engineers
- Raise the security bar: help meet compliance objectives and empower your developers to safely work with sensitive data.
Secure data in PostgreSQL and DynamoDB.
With more databases coming soon.
CipherStash Proxy is a transparent proxy that sits between your application and your PostgreSQL database and handles the encryption and decryption of data.
Encrypt Query Language (EQL) is used to perform queries on encrypted data without decrypting it, supporting operations like equality checks, range queries, and unique constraints.
-- Creating a table with an encrypted column
CREATE TABLE users (
    id BIGINT GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    name_encrypted cs_encrypted_v1
);

-- Inserting plaintext data using EQL
INSERT INTO
    users (name_encrypted)
VALUES
    ('{"p": "Alice"}');

-- Selecting encrypted data using EQL
SELECT
    name_encrypted, cs_ciphertext_v1(name_encrypted)
FROM
    users
WHERE
    cs_match_v1(name_encrypted) @> cs_match_v1('{"p": "Alice"}');
We've made the source code available.
Getting started guides are in the repos.
So what makes CipherStash encryption different?
Our searchable encryption scales with your data.
Unique key per value
We built our own key management solution, ZeroKMS, which supports bulk operations to provide a unique data key for every record.
Resilient and secure
With over 3 years of R&D, we've solved a lot of problems because cryptography is hard. We've made it easy to use encryption in your applications.
Not homomorphic encryption
Homomorphic encryption is slow and not practical for most applications. CipherStash is built for the real-world use cases you have today.
Want to dive deeper?
We've published a whitepaper.
Start protecting your data
Check us out on GitHub, or book a discovery call to learn more.