
PouchDB AES encryption using brix/crypto-js for polyonic and browsers

Usage (no npm install needed):

<script type="module">
  import polyonicSecurePouch from 'https://cdn.skypack.dev/polyonic-secure-pouch';
</script>


MIT Licence

Secure Pouch

PouchDB plugin for AES encryption of data in Polyonic and browsers using danang-id/simple-crypto-js which uses brix/crypto-js

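const PouchDB = require('pouchdb')
PouchDB.plugin(require('polyonic-secure-pouch'))

const db = new PouchDB('app.db');
db.encrypt('password');
// all done, docs should be transparently encrypted/decrypted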


If you replicate to another database, documents are decrypted before they are sent to the external one. Make sure that database also has a password set if you want it encrypted too.

If you need to decrypt manually, see danang-id/simple-crypto-js.

This only encrypts the contents of documents, not the _id, _rev, _conflicts or _deleted.

I based this plugin on lil5/simple-cryptor-pouch, but tailored it to work with the Polyonic app seed project.

This project should also work on the following:

  • web (with a babel.js bundler)
  • electron
  • nodejs
  • react native

Save attachments are not ignored by default (_attachments); I would first need to make some tests to really see if this is sane. At the moment I do not use attachments. I prefer to store attachments/blobs in blob storage.


This plugin is hosted on npm:

npm i -s polyonic-secure-pouch


db.encrypt(password [, options])

Set up encryption on the database.

  • options.ignore
    String or Array of Strings of properties that will not be encrypted.
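
What the plaintext-field note and options.ignore mean for data at rest, shown as an added sketch that is not the plugin's code or storage format. It models document-level encryption with Node's built-in crypto: AES-256-GCM and scrypt stand in for simple-crypto-js, and the helper names, the payload field and the sample document are assumptions.

```javascript
// Added illustration only: NOT polyonic-secure-pouch's code or storage format.
const crypto = require('node:crypto')

// Fields the page lists as never encrypted.
const PLAINTEXT_FIELDS = ['_id', '_rev', '_conflicts', '_deleted']

// Assumption: scrypt (Node defaults) stands in for the plugin's key handling.
function deriveKey (password, salt) {
  return crypto.scryptSync(password, salt, 32) // 32 bytes = AES-256 key
}

// Encrypt every property except PLAINTEXT_FIELDS and ignore (string or array).
function encryptDoc (doc, key, ignore = []) {
  const keep = new Set(PLAINTEXT_FIELDS.concat(ignore))
  const stored = {}
  const secret = {}
  for (const [name, value] of Object.entries(doc)) {
    const target = keep.has(name) ? stored : secret
    target[name] = value
  }
  const iv = crypto.randomBytes(12) // fresh nonce for every write
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv)
  cipher.setAAD(Buffer.from(String(doc._id))) // bind ciphertext to its _id
  const body = Buffer.concat([cipher.update(JSON.stringify(secret), 'utf8'), cipher.final()])
  // 'payload' is a hypothetical field name: iv (12) | auth tag (16) | ciphertext
  stored.payload = Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64')
  return stored
}

function decryptDoc (stored, key) {
  const { payload, ...plain } = stored
  const raw = Buffer.from(payload, 'base64')
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12))
  decipher.setAAD(Buffer.from(String(stored._id)))
  decipher.setAuthTag(raw.subarray(12, 28))
  const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()])
  return { ...plain, ...JSON.parse(body.toString('utf8')) }
}

// Constructed sample: the address in _id and the ignored 'type' stay readable.
const key = deriveKey('password', Buffer.from('constructed-demo-salt'))
const doc = { _id: 'user:alice@example.com', _rev: '1-abc', type: 'note', text: 'secret' }
const stored = encryptDoc(doc, key, ['type'])
console.log(Object.keys(stored))
console.log(decryptDoc(stored, key).text)
```

Anything placed in _id or in an ignored property is readable by whoever can read the database file or the replication target, so keep identifiers free of personal data.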


Change password

const PouchDB = require('pouchdb')
const SecurePouch = require('polyonic-secure-pouch')

// register the plugin so that databases get the encrypt() method
PouchDB.plugin(SecurePouch)

const oldDBpath = './password-old.db'
const newDBpath = './password-new.db'

const oldDB = new PouchDB(oldDBpath)
const newDB = new PouchDB(newDBpath)

// docs are decrypted on the way out of oldDB and re-encrypted by newDB
oldDB.encrypt('oldPassword')
newDB.encrypt('newPassword')

PouchDB.replicate(oldDB, newDB, {live: true, retry: true})
.on('complete', info => console.log({output: info, message: 'complete'}))
.on('error', err => console.error({output: err, message: 'error'}))
.on('denied', err => console.error({output: err, message: 'denied'}))

file: examples/change-password.js

Sync encrypted remote

const PouchDB = require('pouchdb')
const SecurePouch = require('polyonic-secure-pouch')

// register the plugin so that databases get the encrypt() method
PouchDB.plugin(SecurePouch)

const localPath = './sync-remote.db'
const remoteURL = ''

const local = new PouchDB(localPath)
const remote = new PouchDB(remoteURL)

remote.encrypt('password')

// left commented out so that only the remote is encrypted
// local.encrypt('password')

PouchDB.sync(local, remote, {live: true, retry: true})
.on('complete', info => console.log({output: info, message: 'complete'}))
.on('error', err => console.error({output: err, message: 'error'}))
.on('denied', err => console.error({output: err, message: 'denied'}))

file: examples/sync-encrypted-remote.js