@@ -56,8 +56,8 @@ At a high level:
5656### Reads
5757
58581 . Wrap references to the encrypted column in the appropriate EQL function
59- 3 . CipherStash Proxy encrypts ` plaintext `
60- 4 . SQL statement is executed
59+ 3 . CipherStash Proxy encrypts the ` plaintext `
60+ 4 . PostgreSQL executes the SQL statement
61615 . CipherStash Proxy decrypts any returned ` ciphertext ` data and returns to client
6262
6363
@@ -75,7 +75,44 @@ At a high level:
75756 . Run Cipherstash Proxy
7676
7777
78- {{ MORE }}
78+ ### Add an index
79+
80+ Cipherstash Proxy supports three types of indexes:
81+
82+ - match
83+ - ore (order revealing encryption)
84+ - unique
85+
86+ Indexes are managed using EQL functions and can be baked into an existing database migration process.
87+
88+ ``` sql
89+
90+ -- Add an ore index to users.name
91+ cs_add_index(' users' ' name' ' ore'
92+
93+ -- Remove an ore index from users.name
94+ cs_remove_index(' users' ' name' ' ore'
95+ ```
96+
97+
98+ Adding the index to your configuration does not * encrypt* the data.
99+
100+ The encryption process needs to update every row in the target table.
101+ Depending on the size of the target table, this process can be long-running.
102+
103+ {{LINK TO MIGRATOR DETAILS HERE}}
104+
105+
106+ ### Add an encrypted column
107+
108+
109+ ``` SQL
110+ -- Alter tables from the configuration
111+ cs_create_encrypted_columns_v1()
112+
113+ -- Explicit alter table
114+ ALTER TABLE users ADD column name_encrypted cs_encrypted_v1;
115+ ```
79116
80117
81118
@@ -98,7 +135,57 @@ CREATE TABLE users
98135```
99136
100137
101- ### Functions
138+
139+ ### Index Functions
140+
141+ Functions expect a ` jsonb ` value that conforms to the storage schema.
142+
143+
144+ ``` SQL
145+ cs_add_index(table_name text , column_name text , index_name text , cast_as text , opts jsonb)
146+ ```
147+ | Parameter | Description | Notes
148+ | ------------- | -------------------------------------------------- | ------------------------------------
149+ | table_name | Name of target table | Required
150+ | column_name | Name of target column | Required
151+ | index_name | The index kind | Required.
152+ | cast_as | The PostgreSQL type decrypted data will be cast to | Optional. Defaults to ` text `
153+ | opts | Index options | Optional for ` match ` indexes (see below)
154+
155+
156+ #### cast_as
157+
158+ Supported types:
159+ - text
160+ - int
161+ - small_int
162+ - big_int
163+ - boolean
164+ - date
165+
166+ #### match opts
167+
168+
169+
170+
171+
172+
173+ ``` SQL
174+ cs_modify_index(table_name text , column_name text , index_name text , cast_as text , opts jsonb)
175+ ```
176+ Modifies an existing index configuration.
177+ Accepts the same parameters as ` cs_add_index `
178+
179+
180+ ``` SQL
181+ cs_remove_index(table_name text , column_name text , index_name text )
182+ ```
183+ Removes an index configuration from the column.
184+
185+
186+
187+
188+ ### Query Functions
102189
103190Functions expect a ` jsonb ` value that conforms to the storage schema.
104191
@@ -141,7 +228,6 @@ The format is defined as a [JSON Schema](src/cs_encrypted_v1.schema.json).
141228It should never be necessary to directly interact with the stored ` jsonb ` .
142229Cipherstash proxy handles the encoding, and EQL provides the functions.
143230
144-
145231| Field | Name | Description
146232| -------- | ------------------ | ------------------------------------------------------------
147233| s | Schema version | JSON Schema version of this json document.
0 commit comments