And now… CipherStash Proxy!


Following fast on the heels of last week’s Protect.js announcement, we’re excited to introduce version 2 of CipherStash Proxy, our no-code data-protection solution for PostgreSQL. CipherStash Proxy keeps your sensitive data in PostgreSQL encrypted and searchable, without changing your SQL queries. This means that you can protect your most sensitive data with strong security controls, without slowing down your dev team.
No changes in your app
While Protect.js gives you a library of powerful functions for your Node.js apps to encrypt, search, and decrypt data in your database, Proxy takes this one step further — put Proxy between your app and your database, and let Proxy transparently encrypt your sensitive data for you.
Proxy also keeps encrypted data searchable, with searchable encrypted indexes for text and numeric data. The data being searched is never decrypted.
Fine-grained data protection in minutes

CipherStash Proxy works by transparently encrypting data and transforming queries to and from your application and your database. Proxy analyzes SQL queries, encrypts data going into PostgreSQL, and decrypts data coming out of PostgreSQL. With a unique encryption key for every column, in every row, in every table, you get extremely fine-grained visibility of when and what sensitive data is being accessed.
This gives companies building apps for regulated sectors the ability to store sensitive data securely, while not compromising on functionality or usability in their apps. Teams that drop CipherStash Proxy into their stack can be up and running in local dev in less than 5 minutes, and have a fine-grained audit trail of each access to sensitive data in production.
For companies working with health care data like medical record numbers, free-text patient notes, and prescription histories, CipherStash Proxy encrypts the data before it hits the database, while maintaining your app’s ability to query it with normal SQL.
Your data; your database
CipherStash Proxy is built on CipherStash’s ZeroKMS key management service, backed by AWS’s industry-leading key management service AWS KMS.
Behind the scenes, Proxy uses our own Encrypt Query Language (EQL) to index and search encrypted data. EQL is a set of abstractions for transmitting, storing, and interacting with encrypted data and indexes in PostgreSQL, and is open source on GitHub. Proxy transparently rewrites your SQL queries to use EQL functions and operators. This means you can store and search encrypted data inside your existing PostgreSQL database, right alongside your existing data.
Slow down cybercriminals, not your team
With CipherStash Proxy, searches of encrypted data are fast, adding only milliseconds to query execution time in PostgreSQL. Proxy is engineered to be easy for devs to set and forget, so your engineering teams can get on with shipping quality features instead of doing data security acrobatics.
DevOps teams, platform engineers, and SREs can get detailed insights into encryption performance and operations by scraping Proxy’s Prometheus metrics. Adopting a new infrastructure tool can be a daunting task, especially when that tool is handling your most sensitive data. Proxy’s Prometheus metrics make it easy to see what Proxy is doing, so you can understand its performance profile.
Proxy’s data access audit trail is vital evidence for proving to your customers how effectively you are securing their data. This creates opportunities for your business to store and use more data without fear — a security differentiator that helps you win deals and retain customers.
SOC 2 compliant
CipherStash, including the ZeroKMS key service, is SOC 2 compliant. You can learn more in our Trust Center.
Get started with Docker or AWS Marketplace
CipherStash Proxy is available as a container image on Docker Hub, and the source code is available on GitHub.
Because Proxy doesn’t need any changes to your application’s code, you can get up and running in local dev in less than five minutes — no downtime for your engineers. Check out the Getting started guide or get in touch and we’ll walk you through it.
It costs nothing to fire up Proxy in a dev workspace. And when you want to start encrypting data in prod, we’ve got pricing options to fit wherever your business is at. And if you’ve got AWS committed spend burning a hole in your pocket, you also have the option of buying Proxy through the AWS Marketplace.
Coming soon for Proxy
We’re just getting started with Proxy, and we have a bunch of cool features landing soon:
Encrypted JSON support
GROUP BY query support
LIKE / ILIKE support
Multi-platform Docker images
CipherStash Proxy is in active use by our customers, and we’ll be sharing some of their success stories soon.
Ready when you are!
Secure your data without slowing down your dev teams today with CipherStash Proxy – get started now.