CipherStash Protect is a TypeScript SDK that adds field-level searchable encryption to PostgreSQL databases. It allows developers to encrypt individual database columns (strings, numbers, JSON objects) while retaining the ability to query encrypted data without decrypting it first. Protect operates as an additional encryption layer complementing TLS (in-transit) and disk encryption (at-rest), specifically targeting data-in-use protection. Encrypted fields can be searched using equality and free-text search query types, enabling standard query patterns against ciphertext. The SDK is installed via npm (`@cipherstash/protect`) and integrates with existing PostgreSQL workflows using a schema definition approach (`csTable`, `csColumn`). Developers define which columns to encrypt and what search capabilities each column supports, then call `encrypt` and `encryptQuery` methods before reading/writing to the database. Protect is built on top of ZeroKMS, CipherStash's zero-trust key management service. Key architectural properties include: - Zero-knowledge architecture: CipherStash does not have access to data keys; a unique data key is generated per value. - Cryptographic proofs: Attribute-based access control is enforced via lock contexts with cryptographically proven, immutable audit trails. - Identity-bound encryption: Integrates with existing identity provider (IDP) services to bind data access to specific user identities and enforce claim-based access control. A free tier is available offering 10,000 operations per month with no credit card required.