- Encryption: Field-level encryption for TypeScript apps with searchable encrypted queries, zero-knowledge key management, and first-class ORM support.
Encryption
import { Encryption, encryptedTable, encryptedColumn } from "@cipherstash/stack";
// 1. Define your schema
const users = encryptedTable("users", {
email: encryptedColumn("email").equality().freeTextSearch(),
});
// 2. Initialize the client
const client = await Encryption({ schemas: [users] });
// 3. Encrypt
const encryptResult = await client.encrypt("secret@example.com", {
column: users.email,
table: users,
});
if (encryptResult.failure) {
// Handle errors your way
}
// 4. Decrypt
const decryptResult = await client.decrypt(encryptResult.data);
if (decryptResult.failure) {
// Handle errors your way
}
// decryptResult.data => "secret@example.com"npm install @cipherstash/stack
# or
yarn add @cipherstash/stack
# or
pnpm add @cipherstash/stack
# or
bun add @cipherstash/stackImportant
You need to opt out of bundling when using @cipherstash/stack.
It uses Node.js specific features and requires the native Node.js require.
Read more about bundling in the documentation.
- Searchable encryption: query encrypted data with equality, free text search, range, and JSONB queries.
- Type-safe schema: define encrypted tables and columns with
encryptedTable/encryptedColumn - Model & bulk operations: encrypt and decrypt entire objects or batches with
encryptModel/bulkEncryptModels. - Identity-aware encryption: bind encryption to user identity with lock contexts for policy-based access control.
- Trusted data access: ensure only your end-users can access their sensitive data using identity-bound encryption
- Reduce breach impact: limit the blast radius of exploited vulnerabilities to only the data the affected user can decrypt
Contributions are welcome and highly appreciated. However, before you jump right into it, we would like you to review our Contribution Guidelines to make sure you have a smooth experience contributing.
For our full security policy, supported versions, and contributor guidelines, see SECURITY.md.
This project is MIT licensed.