1. Docs


See our buildlog for relationships between specific docker hashes and version tags. The most recent releases are at the bottom of the file. There will only ever be multiple hashes for a single version tag if the underlying image was rebuilt to fix a security vulnerability.


  • Added query support for key rotation use cases. Note that this causes _icl_search_key_id to be added to all queries, so be sure your Elastic/OpenSearch indices are configured correctly.
  • Dependency updates.


  • Added /_cloaked_search/metrics endpoint that can be scraped by Prometheus. These metrics aim to give insight into the load Cloaked Search is under, and more metrics may be added in the future. See here for more information about the available metrics.


  • Fixed issue where prefix query would not correctly include all tokens in the resulting search service query. This fix should increase search accuracy for prefix queries.


  • Added mappings._encrypted_source index configuration option. When set to { "enabled": false }, the source JSON document will not be encrypted on index and encrypted fields will not be decrypted when queried. See here for more information.


We’ve updated the minor because the logging format changed slightly, so we thought it better to bump minor in case someone was depending on the exact format of the log messages.


  • Dependency updates
  • Change logging frameworks, which significantly increases throughput.



  • Dependency updates
  • Allow PUT for _bulk endpoint.
  • Update logging of requests as we send them to be at trace. This log message also includes the method and body being sent.



  • Dependency updates
  • Fixed error in _icl_encrypted_source being written with an incorrect format when using TSP integration. This change is backward compatible, but data written with this version is not compatible with previous 2.x versions.



  • Dependency updates
  • Improve tenant ID detection error message. It should now have better messages for query string and json payloads.
  • Update base image to be built on scratch instead of alpine.



  • Add use_compact_search_key_id as an index group configuration. Documented here.



  • Update the base alpine image to 3.17



  • Add _cloaked_search/version endpoint to report the running version of CS.



  • Improve error message when failing to parse the TSP response.



  • Moved log messages for unsupported parameters from warn to trace.
  • Update dependencies.



  • Added field mapping option index_phrases to provide phrase search functionality.


  • Improved compatibility with Java High Level Rest Client.
  • Fixed a bug that caused some protected fields to contain an extra token.


This release marks a major overhaul to the functionality of Cloaked Search.


  • Bulk index API
  • JSON query syntax
    • Includes explicit support for bool, dis_max, function_score, match, match_phrase, multi_match, prefix, query_string, and term. Other queries types may be supported implicitly.
  • Index groups - multiple indices that share a search salt and can be queried together
  • Index/search of derived multi-fields
  • Index/search of JSON objects in documents


  • Redesigned the configuration file to more closely match Elasticsearch structures
    • File format changed from YAML to JSON.
    • Index configurations should now be located in indices folder adjacent to the global configuration file.
    • Various analyzers, filters, and tokenizers have been reworked/renamed. See our documentation for details.
    • Added field mapping option index_prefixes to provide prefix search functionality.
  • Changes to Query String search
    • Returns an exception on suffix searches. This can be accomplished with prefix searches on a field with the reverse filter.


  • Removed ability to search over multiple indices to avoid exposing blind index tokens


  • Relaxed top level search object parsing to support _type deprecation


  • added multi arch builds. amd64 and arm64 docker containers are both published to gcr.


  • Added support for PUT endpoints on the index api.
  • Dependency updates.


  • _icl_ prefix for protected fields instead of protected_
  • _encrypted_source only contains protected fields
  • Disallow directly querying protected fields
  • Reduce likelihood of collision on trigrams
  • Allow tenant_id to be fixed per index


  • Few miscellaneous bug fixes.


  • Fix issue with wildcard parsing
  • Add extra validation for standalone keys
  • Support Bool, Number, and String fields on index
  • Fix multi-language detection on substring search
  • Only try to replace hits source on successful requests
  • Error when given an unexpected body type
  • Error for substring queries that do not include enough characters
  • Require tenant ID for search and index
  • Improve error messages for queries using disabled filters


  • Add accept_invalid_certs configuration
  • Update es_url to search_service_url.
  • Add _cloaked_search/health and _cloaked_search/live endpoints to aid in real deployments.
  • Make tenant_id_field configurable per index.
  • TSC integration.
  • Add link to 5M wikipedia set from tantivy.
  • Allow tenant ids to be String, Number or Boolean instead of just String.
  • Improve tenant detection.


  • Moved standalone secrets to files, config points to them.
  • Add support for +/- substring, phrase and term queries.


  • Sign over the edek protobuf when we create it and verify it on deserialization.
  • Add prefix/suffix substring (trigram) support.


  • Automatically select the best filter on query
  • Add a check to make sure the requesting tenant matches resulting document
  • Add phonetic filter to analyzer
  • Allow changing analyzers in config file
  • Upgrade to alpine-3.14, and rust-1.54
  • Dependency updates


  • Initial version of CSP

Versioning Policy

See our container versioning policy documentation.

Was this page helpful?