CipherStash ProxyRead the getting started guide 

Trusted data access

CipherStash makes sure sensitive data is accessible only to the right people at the right time. Implement robust data security without sacrificing performance or usability.

Trusted data access

Don't choose between security and functionality.

Capture data that was too risky

Collect data based on product and business needs without compromising security.

Customer Information

Please provide your Social Security Number securely.

Performance

Our benchmarks show that our encryptions add minimal overhead to operations.

--

Prove your security

With a cryptographically-proven audit trail, you can prove that data is encrypted and accessible only to the right people.

Empowering engineers

Our developer first approach ensures that engineers can implement and operate CipherStash in any environment.

_> psql
> dynamodb
// Use the same SQL operations that you do today

SELECT email_encrypted FROM users;

// Search on encrypted data using EQL

SELECT email_encrypted FROM users WHERE email_encrypted = "[email protected]";

Encryption in use enables trusted data access.

Encryption in use keeps data encrypted even while it's queried in the database.

Works in any environment

Our encryption is based on industry standard primitives like AES and SHA2 and rigorously tested.

Standard encryption, but searchable
Encryption in use keeps data encrypted while keeping it searchable and usable, built on industry standard primitives like AES and SHA2.
Unique key per value
Encrypt each value individually, which is more secure compared to other encryption solutions that use a limited set of keys for all values.
Encryption as access control
When your database is breached, the data remains encrypted and unreadable without the proper keys. Even if your keys are breached, decryption makes noise in your audit logs.
Meet compliance, enable engineers
Raise the security bar; Help meet compliance objectives & empower your developers to safely work with sensitive data.

Secure data in PostgreSQL and DynamoDB.

With more databases coming soon.

CipherStash Proxy is a transparent proxy that sits between your application and your PostgreSQL database and handles the encryption and decryption of data.Encrypt Query Language (EQL) is used to perform queries on encrypted data without decrypting it, supporting operations like equality checks, range queries, and unique constraints.

>_

# Creating a table with an encrypted columns

CREATE TABLE users (
  id BIGINT GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  name_encrypted cs_encrypted_v1
);
# Inserting plaintext data using EQL

INSERT INTO
  users (name_encrypted)
VALUES
  ('{"p": "Alice"}');
# Selecting encrypted data using EQL

SELECT
  name_encrypted cs_ciphertext_v1(name_encrypted)
FROM
  users
WHERE
  cs_match_v1(name_encrypted) @> cs_match_v1('{"p": "Alice"}');

We've made the source code available.

Getting started guides are in the repos.

So what makes CipherStash encryption different?

Our searchable encryption scales with your data.

Unique key per value

We built our own key management solution, ZeroKMS, which supports bulk operations to provide a unique data key for every record.

Resilient and secure

With over 3 years of R&D, we've solved a lot of problems because cryptography is hard. We've made it easy to use encryption in your applications.

Not homomorphic encryption

Homomorphic encryption is slow and not practical for most applications. CipherStash is built for the real world use cases you have today.

Want to dive deeper?
We've published a whitepaper.

Watch the demo

Our very own CJ Brewer demonstrates CipherStash Proxy in action.

Frequently Asked Questions

Looking to get started?

Check us out on Github, or book a discovery call to learn more.