CipherStash Encryption Migrator options

CipherStash Encryption Migrator is used to encrypt existing data or to apply index changes after encryption configuration changes of a protected database. To install and use the Encryption Migrator, see Using CipherStash Encryption Migrator.

Setting	Description	Default	Environment Variables
`-t`, `--table`	Specifies the table to migrate	None (Required)	`CS_TABLE`
`-k`, `--primary-key`	List of primary key columns (space-delimited)	`id`	`CS_PRIMARY_KEY`
`-c`, `--columns`	List of columns to migrate (key=value pairs space-delimited)	None (Required)	`CS_COLUMNS`
`-H`, `--host`	Host address of CipherStash Proxy instance	`127.0.0.1`	`CS_HOST`
`-P`, `--port`	Port of CipherStash Proxy instance	`6432`	`CS_PORT`
`-N`, `--database-name`	Database name (or CipherStash Proxy pool name)	None (Required)	`CS_DATABASE__NAME`
`-U`, `--username`	Username for the CipherStash Proxy pool	None (Required)	`CS_USERNAME`, `CS_DATABASE__USERNAME`
`-p`, `--password`	Password for the CipherStash Proxy pool	None (Required)	`CS_PASSWORD`, `CS_DATABASE__PASSWORD`
`-b`, `--batch-size`	Number of records to process at once	`100`	`CS_BATCH_SIZE`
`-d`, `--dry-run`	Runs without updating. Loads data but does not perform updates	None (Optional)	`CS_DRY_RUN`
`-v`, `--verbose`	Enables verbose logging	None (Optional)	`CS_VERBOSE`
`-D`, `--debug`	Enables debug output	None (Optional)	`CS_DEBUG`
`-f`, `--log-format`	Log format (`text` or `structured`)	`text`	`CS_LOG_FORMAT`
`-h`, `--help`	Displays this help message	-	-
`-V`, `--version`	Prints the version of the tool	-	-
`--decrypt`	Decrypts. Assumes source is encrypted and target is plaintext	None (Optional)

Database Details

As Migrator relies on Proxy for encryption, the database connection options should reference the CipherStash Proxy pool, not the actual Postgres database connection details.

Note

The database connection ENV variable definitions are shared with CipherStash Proxy, allowing for reuse of the shared configuration options.