Schema validation
Use stash db validate to check your CipherStash encryption schema for misconfigurations, with rules for search types, indexes, and operator families.
The validate command checks your encryption schema for common misconfigurations.
npx stash db validate [options]| Option | Description |
|---|---|
--supabase | Check for Supabase-specific issues (e.g. ORDER BY without operator families) |
--exclude-operator-family | Check for issues when operator families are excluded |
Validation rules
| Rule | Severity | Description |
|---|---|---|
freeTextSearch on non-string column | Warning | Free-text search only works with string data |
orderAndRange without operator families | Warning | ORDER BY won't work without operator families |
| No indexes on encrypted column | Info | Column is encrypted but not searchable |
searchableJson without json data type | Error | searchableJson requires dataType("json") |
Examples
Basic validation:
npx stash db validateValidate with Supabase context (checks for operator family issues):
npx stash db validate --supabaseHow validation works
The command loads your encryption schema from the file specified by client in stash.config.ts and runs it through the validation rules.
- Errors cause the command to exit with code 1.
- Warnings and info messages are printed but don't cause a non-zero exit.
- Validation also runs automatically before
push. Issues are logged as warnings but don't block the push.
Install and upgrade EQL
Install or upgrade EQL extensions in Postgres with the stash CLI, covering Supabase and Drizzle migrations, auto-detection, and permission fallbacks.
Push and status
Push your CipherStash encryption schema to PostgreSQL and use db status and test-connection to check EQL installation and database connectivity.