CipherStash Documentation


While CipherStash uses a lot of common terms and concepts that you’re already familiar with, some words and phrases are uniquely... Stashian. We’ve produced this glossary to explain anything that might not be quite what you’re used to.


A set of records that have a similar structure and access pattern. Indexes are defined in collections to facilitate retrieval on fields other than the unique record ID. It is analogous to a table in an RDBMS.


The means by which CipherStash is able to search a collection of records. In many databases, you can search on any field, and an index is a performance optimisation. However in CipherStash, you can only search against fields that have been indexed, because the database cannot see the record directly, because everything (including the indexes) are encrypted. At present, indexes can only be defined when a collection is created.


A named collection of configuration parameters that define how to connect and use a CipherStash workspace. These parameters include authentication details, service and workspace names, as well as details about how to access the cryptographic keys used to encrypt and decrypt your data. Profile parameters are set via files stored under ~/.cipherstash/<profile name>/.


A JSON file describing the structure and indexing strategies of the records stored in a collection. It is provided when creating a collection and, at present, cannot be changed afterwards.

See also: Schema Defintion.


The basic entity which is stored in and retrieved from a CipherStash datastore. A record, from the perspective of CipherStash itself, is an opaque blob of encrypted data. Index terms provided when the record is inserted (or updated) allow it to be queried for and retrieved. It is (very roughly) analogous to a row in an RDBMS.


A set of (usually related) collections. CipherStash’s access control is at that workspace level (for now), so data in separate security domains should be kept in separate workspaces. It is roughly analogous to a database (or “schema”) in an RDBMS.