|
6 | 6 | Encrypt Query Language (EQL) is a set of abstractions for transmitting, storing, and interacting with encrypted data and indexes in PostgreSQL. |
7 | 7 |
|
8 | 8 | > [!TIP] |
9 | | -> **New to EQL?** |
| 9 | +> **New to EQL?** |
10 | 10 | > EQL is the basis for searchable encryption functionality when using [Protect.js](https://github.com/cipherstash/protectjs) and/or [CipherStash Proxy](https://github.com/cipherstash/proxy). |
11 | 11 |
|
12 | 12 | Store encrypted data alongside your existing data: |
@@ -43,6 +43,53 @@ The simplest way to get up and running with EQL is to execute the install SQL fi |
43 | 43 | psql -f cipherstash-encrypt.sql |
44 | 44 | ``` |
45 | 45 |
|
| 46 | + |
| 47 | +## EQL Components |
| 48 | + |
| 49 | +EQL installs and manages the following components |
| 50 | + |
| 51 | +| Name | Entity Type |
| 52 | +| ---------------------------------- | --------------- | |
| 53 | +| eql_v2.* | Schema | |
| 54 | +| public.eql_v2_encrypted | Type | |
| 55 | +| public.eql_v2_configuration_state | Type | |
| 56 | +| public.eql_v2_configuration | Table | |
| 57 | + |
| 58 | + |
| 59 | +### `eql_v2` Schema |
| 60 | + |
| 61 | +The `eql_v2` schema holds all of the functions, types and operators required to query and interact with encrypted data. |
| 62 | +The schema is stateless and the schema can be dropped without risk of data loss. |
| 63 | + |
| 64 | +Updating EQL will drop and re-create the schema. |
| 65 | +Unless otherwise documented this is a safe operation that requires no data migration or changes. |
| 66 | + |
| 67 | + |
| 68 | +### Configuration Table & Type |
| 69 | + |
| 70 | +The `public.eql_v2_configuration` table holds the searchable encryption configuration. |
| 71 | +The `public.eql_v2_configuration_state` type is used by the configuration table. |
| 72 | + |
| 73 | +The table and associated type are created in the `public` schema to avoid any risk of data loss when updating or uninstalling EQL. |
| 74 | + |
| 75 | +EQL updates will automatically migrate the configuration if the internal structure changes. |
| 76 | + |
| 77 | +On uninstall the configuration table is renamed with a timestamp suffix |
| 78 | +The table is not automatically dropped to avoid any potential risk of data loss. |
| 79 | + |
| 80 | +Renaming avoids potential conflicts in CI pipelines that may repeatedly install and uninstall EQL. |
| 81 | + |
| 82 | + |
| 83 | +### `public.eql_v2_encrypted` Type |
| 84 | + |
| 85 | +The `public.eql_v2_encrypted` is the type used to define encrypted columns, and is used in customer table definitions. |
| 86 | +The type is created in the `public` schema to avoid any risk of data loss when updating or uninstalling EQL. |
| 87 | + |
| 88 | +Dropping the `public.eql_v2_encrypted` type will remove any associated columns from the database. |
| 89 | + |
| 90 | +Uninstalling EQL will not drop the `public.eql_v2_encrypted` type to avoid risk of data loss. |
| 91 | + |
| 92 | + |
46 | 93 | ### dbdev |
47 | 94 |
|
48 | 95 | > [!WARNING] |
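Review bot: In the `public.eql_v2_encrypted` Type section, the sentence "Dropping the `public.eql_v2_encrypted` type will remove any associated columns from the database." should say that this applies to `DROP TYPE ... CASCADE`. PostgreSQL refuses a plain `DROP TYPE` while columns still depend on the type, and that distinction matters to anyone judging the data-loss risk. Under "Configuration Table & Type", the line "On uninstall the configuration table is renamed with a timestamp suffix" has no closing period, so Markdown will join it to the following line as one run-on sentence. Minor points: "EQL installs and manages the following components" should end with a colon, the header row `| Name | Entity Type` has no closing pipe unlike the rows below it, and "The schema is stateless and the schema can be dropped" can drop the repeated subject.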
|