§ 00·0x00/STACK / ENCRYPTION
Searchable field-level encryption.
Range queries, exact match, and free-text fuzzy search over encrypted fields, with sub-millisecond overhead on existing Postgres indexes. Works with any managed Postgres provider. No new database, no migration, no superuser access.
This is the primitive everything else depends on. Removing the plaintext-storage constraint is what makes Data Level Access Control deployable.
§ 01·0x01/CAPABILITIES / WHAT YOU GET
Every query you already write.
→ 01
Range queries
Filter on encrypted timestamps, integers, and dates. `WHERE dob BETWEEN $start AND $end` over ciphertext, backed by an existing Postgres index.
→ 02
Exact match
Equality checks across encrypted columns. Joins, grouping, and unique constraints all behave as if the data were plaintext.
→ 03
Free-text fuzzy search
Tokenized, prefix, and fuzzy search over ciphertext. Find records without ever decrypting the index.
→ 04
JSON queries
Query encrypted JSONB fields. Drill into nested paths and apply operators without a decryption step in the query pipeline.
→ 05
Quantum safe
Built on cryptographic constructions that remain secure under a quantum adversary. Ciphertext today, ciphertext tomorrow.
→ 06
100,000x faster than FHE
Fully homomorphic encryption is theoretically attractive and practically unshippable. Searchable encryption is five orders of magnitude faster and deploys to production.
§ 02·0x02/INTEGRATIONS / YOUR STACK
Works with every Postgres provider.
Neon, Supabase, PlanetScale, Crunchy Data, Vercel Postgres, Nile, Tiger Data. If you can `pg_connect` to it, CipherStash Encryption runs on it.
Drizzle ORM
Encrypted column types and query operators native to Drizzle. Type-safe end to end.
READ DOCS →Supabase
Transparent encrypt/decrypt with the encryptedSupabase wrapper. Drop-in replacement.
READ DOCS →DynamoDB
Encrypt items before writes, decrypt after reads via the encryptedDynamoDB helper.
READ DOCS →CipherStash Proxy
Transparent encryption for existing Postgres apps with zero code changes at the application layer.
READ DOCS →§ 03·0x03/BENCHMARKS / NUMBERS
The performance.
<1ms
Query overhead
1B+
Operations in production
100,000x
Faster than FHE
∞
Quantum safe
§ 04·0x04/SHIP / BUILD
Encrypt your first field in 15 minutes.
Install @cipherstash/stack, define an encrypted column, and run your existing query. The field is ciphertext at rest. The query still finds it.