Platform
Dashboard, workspaces, organization management, and core concepts
The CipherStash platform consists of three core components that work together to provide continuous security for your applications and data.
Core Components
Workspaces
What: Isolated environments for your applications and configurations.
Contains: Regional deployments, access keys, OIDC providers.
Purpose: Environment isolation and configuration management.
ZeroKMS
What: Zero-trust key management service.
Contains: Client keys, key sets, cryptographic operations.
Purpose: Secure key generation and management without key exposure.
Organizations
What: Multi-tenant management layer.
Contains: Members, billing, cross-workspace policies.
Purpose: Centralized governance and access control.
Integration Paths
For Applications
- Encryption SDK: Direct integration using workspace configuration
- CipherStash Proxy: Transparent database encryption using platform authentication
For Infrastructure
- Managed: Use CipherStash Cloud with automatic scaling
- Self-hosted: Deploy ZeroKMS in your own AWS environment (only available for Enterprise customers)
Quick Start
Create an account and generate your credentials and keys in the Dashboard.
Next steps
Members
Manage organization and workspace membership.
Compliance
Compliance frameworks, data residency, and audit capabilities.
ZeroKMS
Configure key management.
Concepts
What is CipherStash?
Overview of the platform, threat model, and core capabilities.
Security architecture
Cryptographic primitives, key hierarchy, and trust model.
Searchable encryption
How CipherStash enables queries over encrypted data.
The CipherCell
The JSON format for storing encrypted data with searchable metadata.
Supported queries
Exact match, pattern matching, and range queries on encrypted columns.
Encrypt Query Language (EQL)
PostgreSQL types, operators, and functions for encrypted data.
AWS KMS comparison
CipherStash Encryption vs AWS KMS — a side-by-side comparison.