# Searchable encryption in Supabase with CipherStash Encryption *Published on 2025-06-03T00:00:00.000Z* *By CJ Brewer* With CipherStash, all your sensitive data is encrypted at the application level before it's stored in your Supabase instance and it remains completely searchable. ## Content {% callout type="important" title="Use Stack instead" %} Stack supersedes the original Protect.js + Supabase walkthrough this post is based on. For new projects, read the current Stack-based guide instead: [Encrypting Supabase data with CipherStash Stack](/blog/encrypting-supabase-data-with-cipherstash-stack). This post stays up for reference. {% /callout %} If you're using [Supabase](https://supabase.com/) (or even if you're just thinking about it), you should know that you can now encrypt your sensitive data *and* keep it searchable, thanks to CipherStash Encryption. [Supabase](https://supabase.com/) is trusted by millions of developers. Every Supabase project is a dedicated PostgreSQL database, so whether you're working on a hobby project, a budding startup, or a scaling business Supabase gives you an open source SQL database without the hassle. > All customer data is encrypted at rest with AES-256 and in transit via TLS. > Sensitive information like access tokens and keys are encrypted at the application level before they are stored in the database. With CipherStash, **all your sensitive data** is encrypted at the application level before it's stored in Supabase, which means you can: 1. Meet the strictest requirements for regulated industries. 2. Close deals with businesses that have data security compliance obligations 3. Create a strong security culture with a privacy-first development strategy. ## Secure *and* searchable data Under the hood, [CipherStash Encryption](https://github.com/cipherstash/stack) uses [CipherStash's ZeroKMS](https://cipherstash.com/stack/zerokms) to encrypt data in your application in a format that can still support equality, free text search, group by, and order queries. CipherStash Encryption is built to work directly with the [Supabase JS SDK](https://supabase.com/docs/reference/javascript/introduction) so queries like this one work out-of-the-box with data that's been encrypted using CipherStash Encryption: ``` const { data, error } = await supabase .from('users') .select('*') .eq('email', searchTerm) ``` ## If your customers care about data security, this is the combo for you By combining CipherStash Encryption with Supabase, you can create a secure, searchable database system that doesn't compromise on either security or functionality. The solution provides a robust way to handle sensitive data while maintaining the ability to search and query it effectively. If you're building __any__ application that handles sensitive data (like a healthcare app or a financial system), this combo is a perfect solution for you. Check out the [Supabase JS SDK and CipherStash Encryption reference guide](https://cipherstash.com/docs/stack/cipherstash/encryption/supabase) for more technical details. ## Related blog posts - [Encryption in use: 3 ways to protect sensitive data in Typescript backends](https://cipherstash.com/blog/encryption-in-use-3-ways-to-protect-sensitive-data-in-typescript-backends.md) — When building a JavaScript or TypeScript application, few concerns weigh more heavily than the secure handling of sensitive data. Whether you're dealing with personal user information, health records, or simply wanting to follow best practices, implementing data protection is critical. - [Adding CipherStash Encryption to a Next.js app that uses the Supabase SDK](https://cipherstash.com/blog/add-protectjs-to-nextjs-app-with-supabase-sdk.md) — Let's look at how to add CipherStash Encryption to a Next.js app that uses the Supabase SDK and server actions to read and insert encrypted data into a Supabase Postgres instance.