[javaunsafe2019]

Idk as you loose the index and several operators your database might get useless and this solution would not scale well.

From my experience you better have dedicated views for different stakeholders and your problem is solved without those downsides.

[llamaLord]

I think you're looking at this from the wrong level. This product kinda assumes that field level encryption is desired for certain protected fields and works from there.

That may not be a correct assumption for ALL systems, but it's a safe assumption for A LOT of systems.

OP this is seriously cool, nicely done.

[javaunsafe2019]

Maybe you did not get my point of a dedicated view/interface/bucket …

[hexedpackets]

Thanks, appreciate it!

[hexedpackets]

It depends on the use case. In our experience, it's been rare that queries on PII need to do anything more complex than substring matching (which we're working on support for). We're definitely not trying to be able to encrypt every column, just to make some common workflows around PII and PHI a lot easier.

Custom views can help, but it does mean you're dealing with access controls directly in the database which can be hard to manage. And the database is fully exposed through backups or engineers with server access.

[atonse]

You don’t lose the ability to search exact values if you use convergent encryption and the same word encrypts to the same ciphertext.

[sk5t]

This is generally considered a bad thing.