Platform
Dashboard, workspaces, organization management, and core concepts
The CipherStash platform consists of three core components that work together to provide continuous security for your applications and data.
Core Components
Workspaces
What: Isolated containers for your cloud resources.
Contains: Clients, keysets, access keys, devices, OIDC providers.
Purpose: Resource isolation and configuration management per project or team.
ZeroKMS
What: Zero-trust key management service.
Contains: Keysets, cryptographic operations, key derivation.
Purpose: Secure key generation and management without key exposure.
Clients and Devices
What: Identity primitives for accessing keysets.
Contains: Device-backed clients (for developers, via npx @cipherstash/cli init) and machine clients (for production/CI, via environment variables).
Purpose: Per-identity cryptographic access with individual auditability.
Organizations
What: Management layer for teams and billing.
Contains: Members, billing, cross-workspace policies.
Purpose: Centralized governance and access control.
Integration Paths
For Applications
- Encryption SDK: Direct integration using workspace configuration
- CipherStash Proxy: Transparent database encryption using platform authentication
For Infrastructure
- Managed: Use CipherStash Cloud with automatic scaling
- Self-hosted: Deploy ZeroKMS in your own AWS environment (only available for Enterprise customers)
Quick Start
Create an account in the Dashboard, then run npx @cipherstash/cli init to connect your machine. See Getting started.
Next steps
Members
Manage organization and workspace membership.
Compliance
Compliance frameworks, data residency, and audit capabilities.
ZeroKMS
Configure key management.
Concepts
What is CipherStash?
Overview of the platform, threat model, and core capabilities.
Security architecture
Cryptographic primitives, key hierarchy, and trust model.
Searchable encryption
How CipherStash enables queries over encrypted data.
The CipherCell
The JSON format for storing encrypted data with searchable metadata.
Supported queries
Exact match, pattern matching, and range queries on encrypted columns.
Encrypt Query Language (EQL)
PostgreSQL types, operators, and functions for encrypted data.
AWS KMS comparison
CipherStash Encryption vs AWS KMS: a side-by-side comparison.