CipherStash Docs

CipherStash Proxy

Transparent, searchable encryption for your existing PostgreSQL database

CipherStash Proxy

CipherStash Proxy provides transparent, searchable encryption for your existing PostgreSQL database.

Features

  • Automatic encryption and decryption with zero changes to SQL — configure encryption for specific tables and columns
  • Queries over encrypted values: equality, comparison, ordering, grouping
  • Built-in Prometheus support for monitoring
  • Written in Rust for high performance and strongly-typed mapping of SQL statements
  • Uses ZeroKMS, offering up to 14x the performance of AWS KMS
  • Runs in a container or as a standalone CLI tool

Behind the scenes, CipherStash Proxy uses the Encrypt Query Language (EQL) to index and search encrypted data.

When to use Proxy vs SDK

CipherStash ProxyEncryption SDK
Best forDevOps teams adding encryption to existing PostgreSQL appsEngineering teams building new applications
Code changesZero — drop-in replacement for your database connectionApplication-level integration with schema definitions
SetupDocker container, configure env varsnpm install, define schemas, integrate into app
ControlAutomatic, table/column configurationFine-grained, per-field control

Next steps

Getting started

Get up and running in local dev in under 5 minutes.

Configuration

Docker setup, environment variables, and EQL installation.

Deploy to AWS ECS

Step-by-step guide for deploying Proxy to AWS ECS.

Getting started with Proxy

Get up and running with CipherStash Proxy in local dev in under 5 minutes

On this page

CipherStash ProxyFeaturesWhen to use Proxy vs SDKNext steps