fix: use playground setup in xorm example

Author: calvinbrewer

README.md

@@ -13,7 +13,7 @@ Store encrypted data alongside your existing data:
 - Encrypted data is stored using a `jsonb` column type
 - Query encrypted data with specialized SQL functions
 - Index encrypted columns to enable searchable encryption
-- Integrate with [CipherStash Proxy](/docs/tutorials/PROXY.md) for transparent encryption/decryption
+- Integrate with [CipherStash Proxy](/docs/tutorials/PROXY.md) for transparent encryption/decryption.
 
 ## Table of Contents
 
@@ -65,6 +65,8 @@ The simplest way to get up and running with EQL is to execute the install SQL fi
 EQL relies on [CipherStash Proxy](docs/tutorials/PROXY.md) for low-latency encryption & decryption.
 We plan to support direct language integration in the future.
 
+If you want to use CipherStash Proxy with the below examples or the [helper packages](#helper-packages-and-examples), you can use the [playground environment](playground/README.md).
+
 ## Documentation
 
 You can read more about the EQL concepts and reference guides in the [documentation directory](docs/README.md).

examples/go/xorm/.envrc.example

@@ -10,63 +10,15 @@
 
 ## Running / Development
 
-Create an [account](https://cipherstash.com/signup).
-
-Install the CLI:
-
-```shell
-brew install cipherstash/tap/stash
-```
-
-Login:
-
-```shell
-stash login
-```
-
-Create a [dataset](https://cipherstash.com/docs/how-to/creating-datasets) and [client](https://cipherstash.com/docs/how-to/creating-clients), and record them as `CS_CLIENT_ID` and `CS_CLIENT_KEY`.
-
-```shell
-stash datasets create xorm
-# grab dataset ID and export CS_DATASET_ID=
-
-stash clients create xorm --dataset-id $CS_DATASET_ID
-# grab the client ID and export CS_CLIENT_ID=
-# grab the client key and export CS_CLIENT_KEY=
-```
-
-Create an [access key](https://cipherstash.com/docs/how-to/creating-access-keys) for CipherStash Proxy:
-
-```shell
-stash workspaces
-# grab the workspace ID and export CS_WORKSPACE_ID=
-stash access-keys create --workspace-id $CS_WORKSPACE_ID xorm
-# grab the client access key and export CS_CLIENT_ACCESS_KEY=
-```
-
-Copy over the example `.envrc` file:
-
-```shell
-cp .envrc.example .envrc
-```
-
-Update the `.envrc` file with these environment variables `CS_WORKSPACE_ID`, `CS_CLIENT_ACCESS_KEY`, `CS_CLIENT_ID`, `CS_CLIENT_KEY` and `CS_DATASET_ID`:
-
-```shell
-source .envrc
-```
-
-Start Postgres and CipherStash Proxy and install EQL:
-
-```shell
-./run.sh setup
-```
-
-Run tests:
-
-```shell
-./run.sh tests
-```
+1. Set up the [playground environment](../../playground/README.md).
+2. Run the setup script:
+	```shell
+	./run.sh setup
+	```
+3. Run tests:
+   ```shell
+   ./run.sh tests
+	 ```
 
 ## Integrating EQL into a Xorm app
 

examples/go/xorm/README.md

@@ -14,7 +14,7 @@ import (
 
 func proxyEngine() *xorm.Engine {
 
-	proxyConnStr := "user=postgres password=postgres port=6432 host=localhost dbname=gotest sslmode=disable"
+	proxyConnStr := "user=postgres password=postgres port=6432 host=localhost dbname=postgres sslmode=disable"
 	proxyEngine, err := xorm.NewEngine("pgx", proxyConnStr)
 
 	if err != nil {

examples/go/xorm/docker-compose.yml

@@ -124,11 +124,11 @@ func (eb *EncryptedBoolField) FromDB(data []byte) error {
 }
 
 func createTable() {
-	connStr := "user=postgres password=postgres port=5432 host=localhost dbname=gotest sslmode=disable"
+	connStr := "user=postgres password=postgres port=5432 host=localhost dbname=postgres sslmode=disable"
 	engine, err := xorm.NewEngine("pgx", connStr)
 
 	if err != nil {
-		log.Fatalf("Could not connect to gotest database: %v", err)
+		log.Fatalf("Could not connect to postgres database: %v", err)
 	}
 
 	// need to map from struct to postgres snake case lowercase
@@ -145,7 +145,7 @@ func createTable() {
 }
 
 func addIndexesConstraints() {
-	connStr := "user=postgres password=postgres port=5432 host=localhost dbname=gotest sslmode=disable"
+	connStr := "user=postgres password=postgres port=5432 host=localhost dbname=postgres sslmode=disable"
 	// Install Eql, custom types, indexes and constraints
 	// To install our custom types we need to use the database/sql package due to an issue
 	// with how xorm interprets `?`.

examples/go/xorm/e2e_test.go

@@ -15,17 +15,10 @@ if [ "${BASH_SOURCE[0]}" != "./run.sh" ]; then
 fi
 
 subproject_setup() {
-  # start postgres and proxy (create db and install eql)
-  docker compose up -d
   # constraints and indexes
   go run . setupDev
 }
 
-subproject_teardown() {
-  # start postgres
-  docker compose down
-}
-
 subproject_tests(){
   #  run e2e tests
   make gotest
@@ -37,10 +30,6 @@ case $subcommand in
     subproject_setup
     ;;
 
-  teardown)
-    subproject_teardown
-    ;;
-
   tests)
     subproject_tests
     ;;

examples/go/xorm/init-db/Dockerfile

@@ -0,0 +1,96 @@
+# EQL and CipherStash Proxy playground
+
+This playground environment provides a simple setup to experiment with **CipherStash Proxy** and **EQL** in a Docker Compose environment. 
+It includes a PostgreSQL database with EQL installed at build time and a CipherStash Proxy configured to integrate with your CipherStash account. 
+This environment is ideal for running the examples in the repository or testing CipherStash features.
+
+## Prerequisites
+
+1. [Docker](https://docs.docker.com/get-docker/) and [Docker Compose](https://docs.docker.com/compose/install/) installed.
+2. A CipherStash account and access to the [CipherStash Dashboard](https://dashboard.cipherstash.com) to obtain required environment variables.
+3. The [CipherStash CLI](https://cipherstash.com/docs/reference/cli) installed and configured with your account credentials.
+
+New to CipherStash? [Sign up for a free account](https://cipherstash.com/signup) to get started.
+
+## Services
+
+- **Postgres**: A PostgreSQL database with EQL installed at build time.
+- **Proxy**: The CipherStash Proxy service that encrypts/decrypts data and manages schema encryption.
+
+## Setup
+
+1. Clone the repository:
+   ```bash
+   git clone https://github.com/cipherstash/encrypt-query-language.git
+   cd encrypt-query-language/playground
+   ```
+
+2. Create a `.envrc` file with the following variables:
+   ```env
+   # CipherStash account credentials
+   export CS_WORKSPACE_ID=your_workspace_id
+   export CS_CLIENT_ACCESS_KEY=your_client_access_key
+
+   # Encryption keys
+   export CS_ENCRYPTION__CLIENT_ID=your_client_id
+   export CS_ENCRYPTION__CLIENT_KEY=your_client_key
+   export CS_ENCRYPTION__DATASET_ID=your_dataset_id
+
+   # Optional overrides
+   export PGPORT=5432
+   export CS_PORT=6432
+   ```
+
+   These values are available in your [CipherStash Dashboard](https://dashboard.cipherstash.com).
+   The [Client ID and Key](https://cipherstash.com/docs/how-to/creating-clients) and [Dataset ID](https://cipherstash.com/docs/how-to/creating-datasets) are created through the CipherStash CLI.
+
+3. Build and run the environment:
+   ```bash
+   docker compose up --build
+   ```
+
+## Usage
+
+### Connecting to PostgreSQL
+
+The PostgreSQL service is exposed on `localhost:${PGPORT:-5432}`. You can connect using any PostgreSQL client:
+
+```bash
+psql -h localhost -p 5432 -U postgres
+```
+
+### Connecting to CipherStash Proxy
+
+The CipherStash Proxy service is exposed on `localhost:${CS_PORT:-6432}`. Example connection string:
+
+```text
+postgresql://postgres:postgres@localhost:6432/postgres
+```
+
+or using `psql`:
+
+```bash
+psql -h localhost -p 6432 -U postgres
+```
+
+### Logs
+
+- PostgreSQL logs all SQL statements (`log_statement=all`) for debugging purposes.
+- CipherStash Proxy supports unsafe logging for development. Disable it in production by setting `CS_UNSAFE_LOGGING` to `false`.
+
+### Examples
+
+Use this playground to test any examples from the repository's [examples](../examples/) directory:
+
+## Notes
+
+- **Security warning**: Do not use this environment in production. It is designed for local development and testing purposes only.
+- **EQL installation**: The `eql-playground-pg` container automatically installs EQL during the build process. If modifications are needed, update the Dockerfile in the `db` directory.
+
+## Stopping the Environment
+
+To stop and remove the containers:
+
+```bash
+docker compose down
+```