Getting started

Getting started with CipherStash Proxy

CipherStash Proxy mediates access to your PostgreSQL database and analyzes your SQL in real time to Audit, Identify and Encrypt. This tutorial walks you through how to get started with CipherStash Proxy. You will:

  • Install the prerequisites
  • Create a CipherStash account
  • Configure CipherStash Proxy
  • Deploy CipherStash Proxy as a Docker container

At the end of this guide, you'll have the building blocks that enable the other CipherStash products to start protecting your data.

Installing prerequisites

To run CipherStash Proxy, you'll need to have Docker, an instance of PostgreSQL, and the CipherStash CLI installed.



CipherStash CLI

PostgreSQL Note

This guide assumes you have a PostgreSQL instance running locally on port 5432. If you want to use a hosted PostgreSQL service, we highly recommend using Supabase or AWS RDS.

Installing CipherStash Proxy

CipherStash Proxy is a Docker container that acts as a proxy between any application and your PostgreSQL database. It's built on top of the popular pgcat connection pooler.

Step 1: Create a CipherStash account

If you haven't already, create a CipherStash account by visiting Once you've created an account, you'll authenticate using the CipherStash CLI.

stash login

This will output a Workspace ID that you'll need to configure CipherStash Proxy.

Logging in to Vitur Workspace ID: <WORKSPACE_ID>
Login succeeded!

Step 2: Generate an API key

To configure CipherStash Proxy, you'll need to have your CipherStash API key handy. You can generate an API key by running the following command where <NAME> is a descriptive name for the key.

stash access-keys create --workspace-id <WORKSPACE_ID> <NAME>

This will output an API key that you'll need to configure CipherStash Proxy.

To use this key in your application for programmatic access,
add the following environment variables:

Step 3: Configure CipherStash Proxy

Create a cipherstash-proxy.toml file in the directory where you'll run CipherStash Proxy. Add the following configuration to the file, replacing the placeholders with your credentials for your PostgreSQL database and your CipherStash API key.

username = "username"
password = "password"

workspace_id = "workspace_id"
client_access_key = "client_access_key"

name = "database_name"
host = "localhost"
port = 5432

You can see all the configuration options for CipherStash Proxy in the CipherStash Proxy documentation.

Step 4: Run CipherStash Proxy

Run CipherStash Proxy as a Docker container by running the following command in the directory where you created the cipherstash-proxy.toml file.

docker run -v $(pwd)/cipherstash-proxy.toml:/etc/cipherstash-proxy/cipherstash-proxy.toml -p 6432:6432 cipherstash/cipherstash-proxy:latest

This will start CipherStash Proxy and expose it on port 6432. You can now connect to your PostgreSQL database using CipherStash Proxy.

psql -h localhost -p 6432 -U username -d database_name
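
A preflight check for the file written in Step 3, to run before the docker run in Step 4 (an added example, not CipherStash's own tooling). It rejects a config that other local users can access, that lacks a key, or that still holds the tutorial's placeholder secrets, then starts the same image with the file mounted read-only and port 6432 published on loopback only. The function names are hypothetical; it assumes the container's user can read a mode-600 file and that the proxy never writes to its config.

```shell
#!/bin/sh
# Added example: preflight check for cipherstash-proxy.toml before `docker run`.
# Key names and placeholder values are the ones shown in Step 3 of this guide.

# check_proxy_config FILE -> 0 if usable, non-zero (reason on stderr) if not.
check_proxy_config() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }

    # The file holds the database password and the CipherStash access key,
    # so group/other must have no permission bits (columns 5-10 of ls -l).
    if [ "$(ls -ld -- "$f" | cut -c5-10)" != "------" ]; then
        echo "$f is accessible to group/other; run: chmod 600 $f" >&2
        return 2
    fi

    # Every key from the guide's sample must be present.
    for k in username password workspace_id client_access_key name host port; do
        grep -Eq "^[[:space:]]*$k[[:space:]]*=" "$f" ||
            { echo "missing key: $k" >&2; return 3; }
    done

    # Secrets must not still carry the tutorial's placeholder text.
    for k in password workspace_id client_access_key; do
        if grep -Eq "^[[:space:]]*$k[[:space:]]*=[[:space:]]*\"$k\"" "$f"; then
            echo "placeholder value left in: $k" >&2
            return 4
        fi
    done
    return 0
}

# start_proxy: same image and paths as Step 4, but the config is mounted
# read-only (:ro) and the listener is published on 127.0.0.1 only.
# Assumption: run from the directory that holds cipherstash-proxy.toml.
start_proxy() {
    check_proxy_config cipherstash-proxy.toml || return
    docker run \
        -v "$(pwd)/cipherstash-proxy.toml:/etc/cipherstash-proxy/cipherstash-proxy.toml:ro" \
        -p 127.0.0.1:6432:6432 \
        cipherstash/cipherstash-proxy:latest
}

# Starts the container only when asked: sh preflight.sh start
if [ "${1:-}" = "start" ]; then start_proxy; fi
```

The psql command above still works unchanged, because it connects to localhost.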

Next steps

Congratulations! You've successfully set up CipherStash Proxy. CipherStash Proxy is a vessel for using the Audit, Identify, and Encrypt products. You can now get started with the other CipherStash products to start protecting your data:

Welcome to CipherStash