CipherStash Supabase Integration

What it does

This skill documents how to integrate CipherStash's field-level encryption with Supabase using the encryptedSupabase wrapper. It provides concrete guidance for declaring encrypted JSONB columns, initializing the encryption client, and using a wrapper that transparently encrypts on insert/update/upsert and decrypts on select. The guide also covers encrypted query filters (eq, in, like, ilike, gt/gte/lt/lte), identity-aware lock contexts, audit metadata, and operational practices for rollout, backfill, and cutover.

When to use it

Use this skill when you need to add application-layer searchable encryption to a Supabase project so sensitive columns remain encrypted at rest and during queries, when migrating plaintext columns to encrypted twins with minimal downtime, or when building multi-tenant or compliance-focused applications that require audit logging and identity-aware encryption.

What's included

• Scripts: none bundled in the skill folder, but the repo contains tooling and CLI guidance (stash) referenced in the body.
• References: in-text references to CipherStash CLI (stash) and Supabase migration patterns.
• Instructions: step-by-step examples for schema design, client initialization, insert/update/select patterns, encrypted filter usage, backfill, cutover, and drop. Detailed code samples in TypeScript are provided for common flows.

Compatible agents

Suggested compatibility: JavaScript/TypeScript agent workflows and developer tools that can run Node-based examples (Copilot/Code assistants, CI runners).