CipherStash Proxy

CipherStash Proxy gives you instant protection for your database. It provides a transparent proxy to your existing Postgres database that:

  • Automatically encrypts and decrypts the columns you specify
  • Supports most query types over encrypted values
  • Runs in a Docker container
  • Is written in Rust and uses a formal type system for SQL mapping
  • Works with CipherStash ZeroKMS and offers up to 14x the performance of AWS KMS

Behind the scenes, it uses the Encrypt Query Language to index and search encrypted data.

CipherStash Proxy is simple to deploy and completely transparent to any existing PostgreSQL client.

CipherStash Proxy keeps your sensitive data in PostgreSQL encrypted and searchable, without changing your SQL queries. This means that you can protect your most sensitive data with strong security controls, without slowing down your dev team.

CipherStash Proxy enables searchable encryption-in-use to protect data continuously.

CipherStash Proxy is built on CipherStash’s ZeroKMS key management service, backed by AWS’s industry-leading key management service AWS KMS.

Behind the scenes, Proxy uses our own Encrypt Query Language (EQL) to index and search encrypted data. EQL is a set of abstractions for transmitting, storing, and interacting with encrypted data and indexes in PostgreSQL. Proxy transparently rewrites your SQL queries to use EQL functions and operators. This means you can store and search encrypted data inside your existing PostgreSQL database, right alongside your existing data.

Proxy in Action

CipherStash Proxy is available as a container image on Docker Hub, and the source code is available on GitHub.

Because Proxy doesn’t need any changes to your application’s code, you can get up and running in local dev in less than five minutes — see the Getting started guide for instructions.
