Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/cipherstash/stack

End-to-end field level encryption for JavaScript/TypeScript apps with zero‑knowledge key management. Search encrypted data without decrypting it.
https://github.com/cipherstash/stack

data data-security encryption javascript postgres postgresql security typescript

Last synced: 1 day ago
JSON representation

End-to-end field level encryption for JavaScript/TypeScript apps with zero‑knowledge key management. Search encrypted data without decrypting it.

Awesome Lists containing this project

README 

          


  

    CipherStash Logo

  

  
CipherStash Stack for TypeScript



Built by CipherStash

License

Docs

Join the community on Discord






## What is the stack?



- [Encryption](https://cipherstash.com/docs/stack/cipherstash/encryption): Field-level encryption for TypeScript apps with searchable encrypted queries, zero-knowledge key management, and first-class ORM support.



## Quick look at the stack in action



**Encryption**



```typescript

import { Encryption, encryptedTable, encryptedColumn } from "@cipherstash/stack";



// 1. Define your schema

const users = encryptedTable("users", {

  email: encryptedColumn("email").equality().freeTextSearch(),

});



// 2. Initialize the client

const client = await Encryption({ schemas: [users] });



// 3. Encrypt

const encryptResult = await client.encrypt("secret@example.com", {

  column: users.email,

  table: users,

});

if (encryptResult.failure) {

  // Handle errors your way

}



// 4. Decrypt

const decryptResult = await client.decrypt(encryptResult.data);

if (decryptResult.failure) {

  // Handle errors your way

}

// decryptResult.data => "secret@example.com"

```



## Install



```bash

npm install @cipherstash/stack

# or

yarn add @cipherstash/stack

# or

pnpm add @cipherstash/stack

# or

bun add @cipherstash/stack

```



> [!IMPORTANT]

> **You need to opt out of bundling when using `@cipherstash/stack`.**

> It uses Node.js specific features and requires the native Node.js `require`.

> Read more about bundling in the [documentation](https://cipherstash.com/docs/stack/deploy/bundling).



## Features



- **[Searchable encryption](https://cipherstash.com/docs/stack/cipherstash/encryption/searchable-encryption)**: query encrypted data with equality, free text search, range, and [JSONB queries](https://cipherstash.com/docs/stack/cipherstash/encryption/searchable-encryption#jsonb-queries-with-searchablejson).

- **[Type-safe schema](https://cipherstash.com/docs/stack/cipherstash/encryption/schema)**: define encrypted tables and columns with `encryptedTable` / `encryptedColumn`

- **[Model & bulk operations](https://cipherstash.com/docs/stack/cipherstash/encryption/encrypt-decrypt#model-operations)**: encrypt and decrypt entire objects or batches with `encryptModel` / `bulkEncryptModels`.

- **[Identity-aware encryption](https://cipherstash.com/docs/stack/cipherstash/encryption/identity)**: bind encryption to user identity with lock contexts for policy-based access control.



## Integrations



- [Encryption + Drizzle](https://cipherstash.com/docs/stack/cipherstash/encryption/drizzle)

- [Encryption + Supabase](https://cipherstash.com/docs/stack/cipherstash/encryption/supabase)

- [Encryption + DynamoDB](https://cipherstash.com/docs/stack/cipherstash/encryption/dynamodb)



## Use cases



- **Trusted data access**: ensure only your end-users can access their sensitive data using identity-bound encryption

- **Reduce breach impact**: limit the blast radius of exploited vulnerabilities to only the data the affected user can decrypt



## Documentation



- [Documentation](https://cipherstash.com/docs)

- [Quickstart](https://cipherstash.com/docs/stack/quickstart)

- [SDK and API reference](https://cipherstash.com/docs/stack/reference)



## Contributing



Contributions are welcome and highly appreciated. However, before you jump right into it, we would like you to review our [Contribution Guidelines](CONTRIBUTE.md) to make sure you have a smooth experience contributing.



## Security



For our full security policy, supported versions, and contributor guidelines, see [SECURITY.md](./SECURITY.md).



## License



This project is [MIT licensed](./LICENSE.md).