Skip to content


Repository files navigation

Build Status Coverage Status


TozStore is an end-to-end encrypted database (E3DB). It's a storage platform with powerful sharing and consent management features. Read more on our website.

TozStore provides a familiar JSON-based NoSQL-style API for reading, writing, and querying data stored securely in the cloud.

This repository contains a client library and command-line tool E3DB.

Build Prerequisites

e3db uses native go modules for dependency management, which requires a version of go >= 1.11.

Command-Line Interface

The E3DB command-line interface (CLI) is a powerful tool for administrating and interacting with the E3DB service. Binary releases for many platforms are available from this project's Releases page.

Building the CLI

To build a local version of the command-line interface, check out the sources locally, install dependencies, and build the package:

git clone
cd e3db-go
go build
go install ./cmd/e3db

Client Library


If your project uses go modules for managing dependencies and reproducible builds, add the E3DB client library to your go.mod by running:

$ go get

Note that prior to go version 1.14, modules are non-standard and require setting GOMODULE11=on.

Registering a client

Get an API key by registring a free account to get started. From the Admin Console you can create clients directly (and grab their credentials from the console) or create registration tokens to dynamically create clients with e3db.RegisterClient(). Clients registered from within the console will automatically back their credentials up to your account. Clients created dynamically via the SDK can optionally back their credentials up to your account.

For a more complete walkthrough, see /example_registration_test.go.

Without Credential Backup

token := ""
client_name := ""

public_key, private_key, _ := e3db.GenerateKeyPair()
client_info, _ := e3db.RegisterClient(token, client_name, public_key, "", false, "")

The object returned from the server contains the client's UUID, API key, and API secret (as well as echos back the public key passed during registration). It's your responsibility to store this information locally as it will not be recoverable without credential backup.

With Credential Backup

token := ""
client_name := ""

public_key, private_key, _ := e3db.GenerateKeyPair()
client_info, _ := e3db.RegisterClient(token, client_name, public_key, private_key, true, "")

The private key must be passed to the registration handler when backing up credentials as it is used to cryptographically sign the encrypted backup file stored on the server. The private key never leaves the system, and the stored credentials will only be accessible to the newly-registered client itself or the account with which it is registered.


Here is some simple example code to connect and list records:

package main

import (


func main() {
	client, err := e3db.GetDefaultClient()
	if err != nil {
		fmt.Fprint(os.Stderr, err)

	cursor := client.Query(context.Background(), e3db.Q{})
	for {
		record, err := cursor.Next()
		if err == e3db.Done {
		} else if err != nil {

Reading and Writing Records

To write new records to the database, first create a blank record of the correct type with NewRecord. Then fill in the fields of the record's Data field. Finally, write the record to the database with Write, which returns the unique ID of the newly created record.

// Create data for a record
var recordData map[string]string
recordType := "contact"
recordData["first_name"] = "Jon"
recordData["last_name"]  = "Snow"
recordData["phone"]      = "555-555-1212"
// Create optional metadata for the record(metadata can be used for searching)
var metadata map[string]string
matadata["realm"] = "The North"
metadata["pet"]   = "Ghost"
// Encrypt and save the record
recordID, err := client.Write(context.Background(), recordType, recordData, metadata)
if err != nil {
	//Error handling omitted
fmt.Println("Wrote record: " + recordID)
// Retrieve the saved record
newRecord, err := client.Read(context.Background(), recordID)
if err != nil {
	//Error handling omitted
fmt.Println (newRecord.Data["first_name"])


The SDK is documented with standard Go documentation that most IDEs can parse.


Go language client library for e3db







No packages published