Protect.js

Protect.js is a JavaScript/TypeScript package for encrypting and decrypting data in any database. Encryption operations happen directly in your app, and the ciphertext is stored in your database.

Every value you encrypt with Protect.js has a unique key, made possible by CipherStash ZeroKMS's blazing fast bulk key operations.

The core of Protect.js is CipherStash ZeroKMS, which is a key management service that allows you to encrypt and decrypt data backed by a root key in AWS KMS.

Protect.js is open source and available on GitHub.

Protect.js uses industry-standard AES encryption which is fast and secure and executed directly in your app. Protect.js uses ZeroKMS for bulk encryption and decryption operations. This enables every encrypted value, in every column, in every row in your database to have a unique key — without sacrificing performance.

Features:

• Bulk encryption and decryption: Protect.js uses ZeroKMS for encrypting and decrypting thousands of records at once, while using a unique key for every value.
• Single item encryption and decryption: Just looking for a way to encrypt and decrypt single values? Protect.js has you covered.
• Really fast: ZeroKMS's performance makes using millions of unique keys feasible and performant for real-world applications built with Protect.js.
• Identity-aware encryption: Lock down access to sensitive data by requiring a valid JWT to perform a decryption.
• TypeScript support: Strongly typed with TypeScript interfaces and types.

Use cases:

• Trusted data access: make sure only your end-users can access their sensitive data stored in your product.
• Meet compliance requirements faster: achieve and exceed the data encryption requirements of SOC2 and ISO27001.
• Reduce the blast radius of data breaches: limit the impact of exploited vulnerabilities to only the data your end-users can decrypt.

Get started with Protect.js by installing the package.