-
b0e56b8: Upgrade protect-ffi to 0.21.0 and enable array_index_mode for searchable JSON
- Upgrade
@cipherstash/protect-ffito 0.21.0 across all packages - Enable
array_index_mode: 'all'on STE vec indexes so JSON array operations (jsonb_array_elements, jsonb_array_length, array containment) work correctly - Delegate credential resolution entirely to protect-ffi's
withEnvCredentials - Download latest EQL at build/runtime instead of bundling hardcoded SQL files
- Upgrade
- Updated dependencies [b0e56b8]
- @cipherstash/schema@2.2.0
-
db72e2c: Add
encryptQueryAPI for encrypting query terms with explicit query type selection.- New
encryptQuery()method replacescreateSearchTerms()with improved query type handling - Supports
equality,freeTextSearch, andorderAndRangequery types - Deprecates
createSearchTerms()- useencryptQuery()instead - Updates drizzle operators to use correct index selection via
queryTypeparameter
- New
-
e769740: Add encrypted JSONB query support with
searchableJson()(recommended).- New
searchableJson()schema method enables encrypted JSONB path and containment queries - Automatic query operation inference: string values become JSONPath selector queries, objects/arrays become containment queries
- Also supports explicit
queryType: 'steVecSelector'andqueryType: 'steVecTerm'for advanced use cases - JSONB path utilities (
toJsonPath,buildNestedObject,parseJsonbPath) for building encrypted JSON column queries
- New
- Updated dependencies [e769740]
- @cipherstash/schema@2.1.0
- 9ccaf68: Allow stash cli tool to read env files from .env.*.
- a1fce2b: Add Stash interface and CLI tool.
- 622b684: Update @cipherstash/protect-ffi to 0.19.0
- Updated dependencies [532ac3a]
- @cipherstash/schema@2.0.2
- de029de: Add client safe exports.
- ff4421f: Expanded typedoc documentation
- Updated dependencies [ff4421f]
- @cipherstash/schema@2.0.1
- 6b87c17: Added support for multi-tenant encryption with configurable keysets.
- Updated dependencies [9005484]
- @cipherstash/schema@2.0.0
- Updated dependencies [d8ed4d4]
- @cipherstash/schema@1.1.0
-
788dbfc: Added JSON and INT data type support and update FFI to v0.17.1 with x86_64 musl environment platform support.
- Update @cipherstash/protect-ffi from 0.16.0 to 0.17.1 with support for x86_64 musl platforms.
- Add searchableJson() method to schema for JSON field indexing (the search operations still don't work but this interface exists)
- Refactor type system: EncryptedPayload → Encrypted, add JsPlaintext
- Add comprehensive test suites for JSON, integer, and basic encryption
- Update encryption format to use 'k' property for searchable JSON
- Remove deprecated search terms tests for JSON fields
- Simplify schema data types to text, int, json only
- Update model helpers to handle new encryption format
- Fix type safety issues in bulk operations and model encryption
- Updated dependencies [788dbfc]
- @cipherstash/schema@1.0.0
- c7ed7ab: Support TypeORM example with ES2022.
- 211e979: Added support for ES2022 and later.
- 6f45b02: Fully implemented audit metadata functionality.
- Updated dependencies [d0b02ea]
- @cipherstash/schema@0.1.0
- 1cc4772: Released support for bulk encryption and decryption.
- 01fed9e: Added audit support for all protect and protect-dynamodb interfaces.
- 587f222: Added support for deeply nested protect schemas to support more complex model objects.
- c8468ee: Released initial version of the DynamoDB helper interface.
-
1bc55a0: Implemented a more configurable pattern for the Protect client.
This release introduces a new
ProtectClientConfigtype that can be used to configure the Protect client. This is useful if you want to configure the Protect client specific to your application, and will future proof any additional configuration options that are added in the future.import { protect, type ProtectClientConfig } from "@cipherstash/protect"; const config: ProtectClientConfig = { schemas: [users, orders], workspaceCrn: "your-workspace-crn", accessKey: "your-access-key", clientId: "your-client-id", clientKey: "your-client-key", }; const protectClient = await protect(config);
The now deprecated method of passing your tables to the
protectclient is no longer supported.import { protect, type ProtectClientConfig } from "@cipherstash/protect"; // old method (no longer supported) const protectClient = await protect(users, orders); // required method const config: ProtectClientConfig = { schemas: [users, orders], }; const protectClient = await protect(config);
- a471821: Fixed a bug in the model interface to correctly handle undefined and null values.
- 628acdc: Implemented createSearchTerms for a streamlined way of working with encrypted search terms.
- 0883e16: Fix cipherstash.toml and cipherstash.secret.toml file loading by bumping to @cipherstash/protect-ffi v0.14.2
-
95c891d: Implemented CipherStash CRN in favor of workspace ID.
- Replaces the environment variable
CS_WORKSPACE_IDwithCS_WORKSPACE_CRN - Replaces
workspace_idwithworkspace_crnin thecipherstash.tomlfile
- Replaces the environment variable
-
18d3653: Fixed handling composite types for EQL v2.
-
8a4ea80: Implement EQL v2 data structure.
- Support for Protect.js searchable encryption when using Supabase.
- Encrypted payloads are now composite types which support searchable encryption with EQL v2 functions.
- The
dataproperty is an object that matches the EQL v2 data structure.
- 2cb2d84: Replaced bulk operations with model operations.
- a564f21: Bumped versions of dependencies to address CWE-346.
- fe4b443: Added symbolic link for protect readme.
- 43e1acb: * Added support for searching encrypted data
- Added a schema strategy for defining your schema
- Required schema to initialize the protect client
- f4d8334: Released protectjs-ffi with toml file configuration support.
Added a
withResultpattern to all public facing functions for better error handling. Updated all documentation to reflect the new configuration pattern.
- 499c246: Implemented protectjs-ffi.
- 5a34e76: Rebranded logging context and fixed tests.
- 76599e5: Rebrand jseql to protect.
- 5c08fe5: Enforced lock context to be called as a proto function rather than an optional argument for crypto functions.
There was a bug that caused the lock context to be interpreted as undefined when the users intention was to use it causing the encryption/decryption to fail.
This is a breaking change for users who were using the lock context as an optional argument.
To use the lock context, call the
withLockContextmethod on the encrypt, decrypt, and bulk encrypt/decrypt functions, passing the lock context as a parameter rather than as an optional argument.
- e885975: Fixed improper use of throwing errors, and log with jseql logger.
- eeaec18: Implemented typing and import synatx for es6.
- 7b8ec52: Implement packageless logging framework.
- 7480cfd: Fixed node:util package bundling.
- c0123be: Replaced logtape with native node debuglog.
- 9a3132c: Implemented bulk encryption and decryptions.
- 9a3132c: Fixed the logtape peer dependency version.
- 80ee5af: Fixed bugs when implmenting the lock context with CTS v2 tokens.
- 0526f60: Use the latest jseql-ffi (0.4.0)
- fbb2bcb: Implemented CTS v2 for identity lock.
- 71ce612: Released support for LockContext initializer.
- e484718: Refactored init function to not require envrionment variables as arguments.
- e484718: Replaces jset with vitest for better typescript support.
- 2eefb5f: Implemented jseql-ffi for inline crypto.
- 0536f03: Implemented new CsPlaintextV1Schema type and schema.
- bea60c4: Added release management.
- Released the initial version of jseql.