CipherStash
Searchable field-level encryption and cryptographic access control for Postgres.

CipherStash provides data-level access control (DLAC) for applications and AI agents by making access control cryptographic rather than policy-configured. It offers searchable field-level encryption, identity-bound keys, and cryptographic audit trails that integrate directly into existing Postgres stacks. Sensitive data is encrypted at the value level with policies enforced at decryption time, ensuring that attackers, over-permissioned agents, and insiders only ever see ciphertext.
CipherStash encrypts every sensitive field with a unique identity-bound key via its ZeroKMS service, enforces access policies at decryption time within the existing Postgres stack, and records every access event in an immutable cryptographic audit trail.
Engineering and security teams building applications or AI agents that handle sensitive data on Postgres
Background.
- Status
- launched
- Business model
- subscription
- Company
- CipherStash
Similar projects.
Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.
Have a take on this space?
Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.