Configuration of Cloaked Search

The configuration of Cloaked Search is done primarily through a config file which is read by the docker container.

Docker configuration

Cloaked Search’s configuration must be mounted into the docker container at /app/deploy.yml. This configuration has the following form:
es_url: "https://myelastic-search:9200"
    - id: <ARBITRARY_KEY_ID>
      primary: true
tenant_id_field: <FIELD_WITH_TENANT_ID>
    - name: <INDEX_1>
          - name: <FIELD_1>
          - name: <FIELD_2>
    - name: <INDEX_2>
          - name: <ANOTHER_FIELD_1>
          - name: <ANOTHER_FIELD_2>

Elasticsearch Url

This is the url for the Elasticsearch you want to proxy. It should be fully specified as a Url and can include a port number if desired.
es_url: "https://myelastic-search:9200"


The master key for the Cloaked Search installation. The master key is used to derive search hashes and KEKs (Key Encryption Keys) for encrypting the per-document keys. This key generation algorithm produces different encryption keys per tenant as well as different search hashes for each tenant/index/field combination. As such, it is not used directly as a cryptographic key, but should still have high entropy. Support for rotating this key is planned, but is not available yet.
These keys should be between 32 and 64 characters.
    - id: the-one-key
      key: 31e1cd1baebe933b4b7947bd8bd37fc25ff2fa050477ae27cb13488ef7a87da8
      primary: true

Specifying Tenant Identifier

Specifies the field which identifies the document’s associated tenant. This field will be used as a way to silo results and must be specified on every document search that includes a protected field. If the tenant_id_field isn’t present on a document when indexing, it will not be encrypted.
This defaults to tenant_id if not specified.
tenant_id_field: my_special_tenant_id_field_name

Index configuration

A list of indices and fields which will be protected.
    - name: index1
          - name: title
          - name: summary
    - name: index2
          - name: name
          - name: ssn
Each field will be indexed in the same way that Elasticsearch does by default. The support to change analyzers will be coming soon.


Once this configuration is set for an index, changing it will require re-indexing the entirety of the index as the protected field tokens are written when the document is put into the index.
If you'd like to play with Cloaked Search and see what’s happening under the hood, see our Cloaked Search in 5 minutes which shows you exactly what’s happening.
Cloaked Search is available on our public docker repository and can be pulled using:
docker pull
In order to start it, the config file must be mounted. Assuming that you have cloaked-search-conf.yml in your current directory the following will get the cloaked-search proxy running.
docker run --init --mount type=bind,src="$(pwd)"/cloaked-search-conf.yml,target=/app/deploy.yml