CipherStash Documentation

Getting started with Rails and CipherStash

This guide will step you through adding CipherStash to your Ruby on Rails application.

By the end of this guide, you will have:

  • Encrypted sensitive data inside your existing database
  • Queried that encrypted data

The steps you’ll go through are:

  1. Define which database columns should be encrypted
  2. Encrypt the sensitive data
  3. Query the newly encrypted data

Before you start

You’ll need to install some tools:

  1. The CipherStash CLI
  2. The CipherStash database driver

This tutorial takes you through adding CipherStash to an existing Rails application using PostgreSQL.

Start by cloning the repo and installing dependencies:

git clone
cd cipherstash-rails-demo-app
bundle install

Create the database, run migrations, and seed the database with dummy patient data:

rails db:setup

Install the CipherStash CLI

The CipherStash CLI is used to manage your encryption schema.

The encryption schema is defines what encrypted indexes exist, and what queries you can perform on those indexes.

Download the binary for your platform:

Place the binary on your $PATH, so you can run it.

Sign up

You can start your signup from the CLI:

stash signup

Your browser will open to where you can sign up with either your GitHub account, or a standalone email.

ActiveStash Signup Confirmation page

Install the CipherStash database driver

The CipherStash database driver transparently maps SQL statements to encrypted database columns.

We need to add it to your Rails app, and tell Rails to use it.

Add the activerecord-cipherstash-pg-adapter to your Gemfile:

gem "activerecord-cipherstash-pg-adapter"

Remove the pg gem from your Gemfile.

Run bundle install.

And update the default adapter settings in the database.yml with postgres_cipherstash:

default: &default
  adapter: postgres_cipherstash