By the end of this guide, you will have:
- Encrypted sensitive data inside your existing database
- Queried that encrypted data
The steps you’ll go through are:
- Define which database columns should be encrypted
- Encrypt the sensitive data
- Query the newly encrypted data
You’ll need to install some tools:
Start by cloning the repo and installing dependencies:
git clone https://github.com/cipherstash/cipherstash-sequelize-demo-app cd cipherstash-sequelize-demo-app npm install
Create the database, run migrations, and seed the database with dummy patient data:
npx sequelize-cli db:create npx sequelize-cli db:migrate npx sequelize-cli db:seed:all
The CipherStash CLI is used to manage your encryption schema.
The encryption schema defines what encrypted indexes exist, and what queries you can perform on those indexes.
Install via Homebrew:
brew install cipherstash/tap/stash
If macOS asks you whether you are sure you want to open “stash”, please select “Open”.
Download the binary for your platform:
- Make the binary executable:
# on x86_64 chmod +x $path_to/stash-x86_64-unknown-linux-gnu # on ARM64 chmod +x $path_to/stash-aarch64-unknown-linux-gnu
- Rename the binary:
# on x86_64 mv stash-x86_64-unknown-linux-gnu stash # on ARM64 mv stash-aarch64-unknown-linux-gnu stash
- Place the binary on your
$PATH, so you can run it.
You can start your signup from the CLI:
Your browser will open to https://cipherstash.com/signup/stash-cli where you can sign up with either your GitHub account, or a standalone email.
The CipherStash database driver transparently maps SQL statements to encrypted database columns.
It is installed by overriding the
pg-native package with the drop in replacement
Under the hood
@cipherstash/pg-native uses the package
@cipherstash/libpq which contains the CipherStash PostgreSQL driver.
To install them both, first install
npm add @cipherstash/libpq
@cipherstash/pg-native using an npm alias:
npm add pg-native@npm:@cipherstash/pg-native