CipherStashDocs

CipherStash

Data Level Access Control for Postgres. Searchable field-level encryption, identity-bound keys, cryptographic audit trails.

CipherStash is one product with four capabilities:

  • Encryption: Searchable field-level encryption. The core primitive. Every value encrypted with its own unique key. Range queries, exact match, free-text search, and JSON queries over ciphertext.

  • Secrets (coming soon): Secrets without the .env. End-to-end encrypted config with cryptographically isolated environments.

  • Proxy: Transparent encryption for existing PostgreSQL databases. Zero code changes. Also useful as a DevOps tool for inspecting encrypted data.

  • ZeroKMS: The key management layer. Unique key per value, derived on demand, never stored. Powers everything else.

  • CLI: CLI tools for managing EQL installation, encryption schemas, and database setup.

Start with the Quickstart to encrypt your first fields in 15 minutes.

PostgreSQL

CipherStash integration options for PostgreSQL databases. Choose the right path based on your ORM, deployment, and how much application control you need.