Concepts

CipherStash Proxy

CipherStash Proxy (or just Proxy) helps you protect sensitive data in your SQL databases with no downtime or changes to client applications. Proxy uses encryption-in-use technology, is quick and easy to deploy, and scale to meet the intense demands of any data driven business. It works in-tandem with your existing infrastructure and is fully contained within your environment.

Proxying PostgreSQL

Proxy is a proxy for PostgreSQL databases, ensuring secure data transactions across all applications accessing your data, with no need for modifications to the applications. It encrypts and decrypts data in real time, making encryption-in-use possible for your existing applications and systems. Precision access control and automatic secrets rotation enhance security, allowing for fine-grained access policies while mitigating credential theft risks.

How it works

  1. Proxy deploys as a Docker container which acts as a gateway between applications and your database. The solution is cloud-native and can deploy in public or private cloud, on premise, and on your personal devices.

  2. Proxy maps SQL statements to the corresponding encrypted fields in your database to maintain functionality across all application types.

  3. When combined with CipherStash's Zero Trust Key Management Service, Proxy encrypts data with a unique key for every record in your database.

tandem-architecture

Figure: Application architecure using Proxy

Read the whitepaper

If you'd like to learn more about Proxy, please request the whitepaper.

Previous
Enabling encrypted SQL