About stack

Data level access controls via field level searchable encryption SDK for JavaScript/TypeScript

t

Published by

torus-tools

Visit View Profile

README.md

View on GitHub

CipherStash Stack for TypeScript

What is the stack?

Encryption: Field-level encryption for TypeScript apps with searchable encrypted queries, zero-knowledge key management, and first-class ORM support.

Quick look at the stack in action

Encryption

import { Encryption, encryptedTable, encryptedColumn } from "@cipherstash/stack";

// 1. Define your schema
const users = encryptedTable("users", {
  email: encryptedColumn("email").equality().freeTextSearch(),
});

// 2. Initialize the client
const client = await Encryption({ schemas: [users] });

// 3. Encrypt
const encryptResult = await client.encrypt("[email protected]", {
  column: users.email,
  table: users,
});
if (encryptResult.failure) {
  // Handle errors your way
}

// 4. Decrypt
const decryptResult = await client.decrypt(encryptResult.data);
if (decryptResult.failure) {
  // Handle errors your way
}
// decryptResult.data => "[email protected]"

Install

npm install @cipherstash/stack
# or
yarn add @cipherstash/stack
# or
pnpm add @cipherstash/stack
# or
bun add @cipherstash/stack

[!IMPORTANT] You need to opt out of bundling when using @cipherstash/stack. It uses Node.js specific features and requires the native Node.js require. Read more about bundling in the documentation.

Features

Searchable encryption: query encrypted data with equality, free text search, range, and JSONB queries.
Type-safe schema: define encrypted tables and columns with encryptedTable / encryptedColumn
Model & bulk operations: encrypt and decrypt entire objects or batches with encryptModel / bulkEncryptModels.
Identity-aware encryption: bind encryption to user identity with lock contexts for policy-based access control.

Integrations

Use cases

Trusted data access: ensure only your end-users can access their sensitive data using identity-bound encryption
Reduce breach impact: limit the blast radius of exploited vulnerabilities to only the data the affected user can decrypt

Documentation

Contributing

Contributions are welcome and highly appreciated. However, before you jump right into it, we would like you to review our Contribution Guidelines to make sure you have a smooth experience contributing.

Security

For our full security policy, supported versions, and contributor guidelines, see SECURITY.md.

License

This project is MIT licensed.

stack