CipherStash - Protect Data, Not Just Systems.

CipherStash Proxy mediates access to your PostgreSQL database and analyzes your SQL in real-time to Audit, Identify and Encrypt. This tutorial walks you through how to get started with CipherStash Proxy. You will:

Install the prerequisites
Configure CipherStash Proxy
Deploy CipherStash Proxy as a Docker container

At the end of this guide, you'll have the building blocks that enable the other CipherStash products to start protecting your data.

Installing prerequisites

To run CipherStash Proxy, you'll need to have Docker and an instance of PostgreSQL installed.

Docker

PostgreSQL

PostgreSQL Note

This guide assumes you have a PostgreSQL instance running locally on port 5432. If you want to use a hosted PostgreSQL service, we highly recommend using Supabase or AWS RDS.

Installing CipherStash Proxy

CipherStash Proxy is a Docker container that acts as a proxy between any application and your PostgreSQL database. It's built on top of the popular pgcat connection pooler.

Step 1: Configure CipherStash Proxy

Create a cipherstash-proxy.toml file in the directory where you'll run CipherStash Proxy. Add the following configuration to the file, replacing the placeholders with your credentials for your PostgreSQL database.

1[database]
2username = "username"
3password = "password"
4name = "database_name"
5host = "localhost"
6port = 5432

You can see all the configuration options for CipherStash Proxy in the CipherStash Proxy documentation.

Step 2: Run CipherStash Proxy

Run CipherStash Proxy as a Docker container by running the following command in the directory where you created the cipherstash-proxy.toml file.

1docker run -v $(pwd)/cipherstash-proxy.toml:/etc/cipherstash-proxy/cipherstash-proxy.toml -p 6432:6432 cipherstash/cipherstash-proxy:latest

This will start CipherStash Proxy and expose it on port 6432. You can now connect to your PostgreSQL database using CipherStash Proxy.

1psql -h localhost -p 6432 -U username -d database_name

Step 3: View data access events

CipherStash Proxy will start collecting data access events and emit them to stdout by default. You can start collecting these events locally by leveraging your favorite log aggregation tool.

If you want to send these events to CipherStash for analysis, you can configure the cipherstash-proxy.toml file to enable the Audit product.

Next steps

Congratulations! You've successfully set up CipherStash Proxy. CipherStash Proxy is a vessel for using the Audit, Identify, and Encrypt products. You can now get started with the other CipherStash products to start protecting your data:

Getting started with CipherStash Audit
Getting started with CipherStash Encrypt
Getting started with CipherStash Identify (coming soon!)