fix: Use updated eql_v1_encrypted column type

tobyhede · tobyhede · commit 3874bbf6c99d · 2025-05-06T16:18:21.000+10:00
diff --git a/docs/errors.md b/docs/errors.md
@@ -314,7 +314,7 @@ For example:
 
 ## Unknown Column <a id='encrypt-unknown-column'></a>
 
-The column has an encrypted type (PostgreSQL `cs_encrypted_v1` type ) with no encryption configuration.
+The column has an encrypted type (PostgreSQL `eql_v1_encrypted` type ) with no encryption configuration.
 
 Without the configuration, Cipherstash Proxy does not know how to encrypt the column.
 Any data is unprotected and unencrypted.
@@ -341,7 +341,7 @@ Column 'column_name' in table 'table_name' has no Encrypt configuration
 
 ## Unknown Table <a id='encrypt-unknown-table'></a>
 
-The table has one or more encrypted columns (PostgreSQL `cs_encrypted_v1` type ) with no encryption configuration.
+The table has one or more encrypted columns (PostgreSQL `eql_v1_encrypted` type ) with no encryption configuration.
 
 Without the configuration, Cipherstash Proxy does not know how to encrypt the column.
 Any data is unprotected and unencrypted.
diff --git a/docs/getting-started/schema-example.sql b/docs/getting-started/schema-example.sql
@@ -4,9 +4,9 @@ TRUNCATE TABLE public.eql_v1_configuration;
 DROP TABLE IF EXISTS users;
 CREATE TABLE users (
     id SERIAL PRIMARY KEY,
-    encrypted_email cs_encrypted_v1,
-    encrypted_dob cs_encrypted_v1,
-    encrypted_salary cs_encrypted_v1
+    encrypted_email eql_v1_encrypted,
+    encrypted_dob eql_v1_encrypted,
+    encrypted_salary eql_v1_encrypted
 );
 
 SELECT cs_add_index_v1(
diff --git a/docs/how-to.md b/docs/how-to.md
@@ -162,22 +162,22 @@ This will output the version of EQL installed.
 
 In your existing PostgreSQL database, you store your data in tables and columns.
 Those columns have types like `integer`, `text`, `timestamp`, and `boolean`.
-When storing encrypted data in PostgreSQL with Proxy, you use a special column type called `cs_encrypted_v1`, which is [provided by EQL](#setting-up-the-database-schema).
-`cs_encrypted_v1` is a container column type that can be used for any type of encrypted data you want to store or search, whether they are numbers (`int`, `small_int`, `big_int`), text (`text`), dates and times (`date`), or booleans (`boolean`).
+When storing encrypted data in PostgreSQL with Proxy, you use a special column type called `eql_v1_encrypted`, which is [provided by EQL](#setting-up-the-database-schema).
+`eql_v1_encrypted` is a container column type that can be used for any type of encrypted data you want to store or search, whether they are numbers (`int`, `small_int`, `big_int`), text (`text`), dates and times (`date`), or booleans (`boolean`).
 
 Create a table with an encrypted column for `email`:
 
 ```sql
 CREATE TABLE users (
     id SERIAL PRIMARY KEY,
-    email cs_encrypted_v1
+    email eql_v1_encrypted
 )
 ```
 
 This creates a `users` table with two columns:
 
  - `id`, an autoincrementing integer column that is the primary key for the record
- - `email`, a `cs_encrypted_v1` column
+ - `email`, a `eql_v1_encrypted` column
 
 There are important differences between the plaintext columns you've traditionally used in PostgreSQL and encrypted columns with CipherStash Proxy:
 
diff --git a/mise.toml b/mise.toml
@@ -567,7 +567,7 @@ cp -v {{config_root}}/target/{{ target }}/release/cipherstash-proxy {{config_roo
 """
 
 [tasks."build:docker"]
-depends = ["build:docker:fetch_eql"]
+depends = ["postgres:eql:download"]
 description = "Build a Docker image for cipherstash-proxy"
 run = """
 {% set default_platform = "linux/" ~ arch() | replace(from="x86_64", to="amd64") %}
@@ -580,16 +580,6 @@ docker build . \
   --platform {{option(name="platform",default=default_platform)}} \
 """
 
-[tasks."build:docker:fetch_eql"]
-description = "Fetch the EQL installation script"
-run = """
-if [ ! -e "cipherstash-eql.sql" ]; then
-  echo "Fetching: cipherstash-eql.sql"
-  curl -sLo cipherstash-eql.sql https://github.com/cipherstash/encrypt-query-language/releases/download/${CS_EQL_VERSION}/cipherstash-encrypt.sql
-else
-  echo "Prefetched: cipherstash-eql.sql"
-fi
-"""
 
 [tasks.release]
 description = "Publish release artifacts"
diff --git a/packages/cipherstash-proxy-integration/src/extended_protocol_error_messages.rs b/packages/cipherstash-proxy-integration/src/extended_protocol_error_messages.rs
@@ -67,10 +67,10 @@ mod tests {
             let msg = err.to_string();
 
             // This is similar to below. The error message comes from tokio-postgres when Proxy
-            // returns cs_encrypted_v1 and the client cannot convert to a string.
+            // returns eql_v1_encrypted and the client cannot convert to a string.
             // If mapping errors are enabled (enable_mapping_errors or CS_DEVELOPMENT__ENABLE_MAPPING_ERRORS),
             // then Proxy will return an error that says "Column X in table Y has no Encrypt configuration"
-            assert_eq!(msg, "error serializing parameter 1: cannot convert between the Rust type `&str` and the Postgres type `cs_encrypted_v1`");
+            assert_eq!(msg, "error serializing parameter 1: cannot convert between the Rust type `&str` and the Postgres type `eql_v1_encrypted`");
         } else {
             unreachable!();
         }
diff --git a/packages/cipherstash-proxy/src/encrypt/schema/manager.rs b/packages/cipherstash-proxy/src/encrypt/schema/manager.rs
@@ -143,8 +143,8 @@ pub async fn load_schema(config: &DatabaseConfig) -> Result<Schema, Error> {
             let ident = Ident::with_quote('"', col);
 
             let column = match domain.as_deref() {
-                Some("cs_encrypted_v1") => {
-                    debug!(target: SCHEMA, msg = "cs_encrypted_v1 column", table = table_name, column = col);
+                Some("eql_v1_encrypted") => {
+                    debug!(target: SCHEMA, msg = "eql_v1_encrypted column", table = table_name, column = col);
                     Column::eql(ident)
                 }
                 _ => Column::native(ident),
diff --git a/packages/cipherstash-proxy/src/postgresql/messages/parse.rs b/packages/cipherstash-proxy/src/postgresql/messages/parse.rs
@@ -24,11 +24,11 @@ impl Parse {
     }
 
     ///
-    /// Encrypted columns are the cs_encrypted_v1 Domain Type
-    /// cs_encrypted_v1 wraps JSONB
+    /// Encrypted columns are the eql_v1_encrypted Domain Type
+    /// eql_v1_encrypted wraps JSONB
     ///
-    /// Using JSONB to avoid the complexity of loading the OID of cs_encrypted_v1
-    /// PostgreSQL will coerce JSONB to cs_encrypted_v1 if it passes the constaint check
+    /// Using JSONB to avoid the complexity of loading the OID of eql_v1_encrypted
+    /// PostgreSQL will coerce JSONB to eql_v1_encrypted if it passes the constaint check
     ///
     pub fn rewrite_param_types(&mut self, columns: &[Option<Column>]) {
         for (idx, col) in columns.iter().enumerate() {
