Getting started
Getting started with CipherStash Proxy
CipherStash Proxy mediates access to your PostgreSQL database and analyzes your SQL in real-time to Audit, Identify and Encrypt. This tutorial walks you through how to get started with CipherStash Proxy. You will:
- Install the prerequisites
- Create a CipherStash account
- Configure CipherStash Proxy
- Deploy CipherStash Proxy as a Docker container
At the end of this guide, you'll have the building blocks that enable the other CipherStash products to start protecting your data.
Installing prerequisites
To run CipherStash Proxy, you'll need to have Docker, an instance of PostgreSQL, and the CipherStash CLI installed.
Docker
PostgreSQL
CipherStash CLI
Installing CipherStash Proxy
CipherStash Proxy is a Docker container that acts as a proxy between any application and your PostgreSQL database. It's built on top of the popular pgcat connection pooler.
Step 1: Create a CipherStash account
If you haven't already, create a CipherStash account by visiting https://console.cipherstash.com/. Once you've created an account, you'll authenticate using the CipherStash CLI.
1stash login
2
This will output a Workspace ID that you'll need to configure CipherStash Proxy.
1...
2Logging in to Vitur Workspace ID: <WORKSPACE_ID>
3Login succeeded!
4
Step 2: Generate an API key
To configure CipherStash Proxy, you'll need to have your CipherStash API key handy. You can generate an API key by running the following command where <NAME>
is a descriptive name for the key.
1stash access-keys create --workspace-id <WORKSPACE_ID> <NAME>
2
This will output an API key that you'll need to configure CipherStash Proxy.
1...
2To use this key in your application for programmatic access,
3add the following environment variables:
4
5CS_CLIENT_ACCESS_KEY=<ACCESS_KEY>
6
7CS_WORKSPACE_ID=<WORKSPACE_ID>
8
Step 3: Configure CipherStash Proxy
Create a cipherstash-proxy.toml
file in the directory where you'll run CipherStash Proxy. Add the following configuration to the file, replacing the placeholders with your credentials for your PostgreSQL database and your CipherStash API key.
1username = "username"
2password = "password"
3
4workspace_id = "workspace_id"
5client_access_key = "client_access_key"
6
7[database]
8name = "database_name"
9host = "localhost"
10port = 5432
11
You can see all the configuration options for CipherStash Proxy in the CipherStash Proxy documentation.
Step 4: Run CipherStash Proxy
Run CipherStash Proxy as a Docker container by running the following command in the directory where you created the cipherstash-proxy.toml
file.
1docker run -v $(pwd)/cipherstash-proxy.toml:/etc/cipherstash-proxy/cipherstash-proxy.toml -p 6432:6432 cipherstash/cipherstash-proxy:latest
2
This will start CipherStash Proxy and expose it on port 6432. You can now connect to your PostgreSQL database using CipherStash Proxy.
1psql -h localhost -p 6432 -U username -d database_name
2
Next steps
Congratulations! You've successfully set up CipherStash Proxy. CipherStash Proxy is a vessel for using the Audit, Identify, and Encrypt products. You can now get started with the other CipherStash products to start protecting your data:
- Getting started with CipherStash Audit
- Getting started with CipherStash Encrypt
- Getting started with CipherStash Identify (coming soon!)