A CLI tool to migrate away from prisma-field-encryption by decrypting your database fields to plaintext.

• 🔍 Auto-Discovery: Automatically finds your schema.prisma files and identifies fields marked with /// @encrypted.
• 🧹 Hash Cleanup: Detects related hash fields (e.g., /// @encryption:hash(email)) and offers to clear them during migration.
• 🛡️ Interactive: Select which models to decrypt and confirm actions before execution.
• 📦 Cleanup Assistant: Offers to uninstall the encryption library and provides a checklist for schema cleanup.

Run this tool directly using npx (or pnpx / yarn dlx) from your project root:

npx prisma-field-decryption

• Your project must have @prisma/client installed and generated (prisma generate).
• You must have your CLOAK_MASTER_KEY available in your .env file.

• -s, --schema <path>: Manually specify path to schema file or directory.
• -e, --env <path>: Manually specify path to .env file.

1. Analyze: The tool scans your schema and lists all encrypted models and fields.
2. Select: You choose which models to process (default is all).
3. Hash Option: You are asked if you want to set related hash fields to null (since plaintext fields don't need separate hashes).
4. Decrypt: The tool connects to your database using your project's Prisma Client, decrypts data in memory, and writes it back as plaintext.
5. Cleanup: You are prompted to uninstall the prisma-field-encryption dependency.

After the tool finishes, you should manually:

1. Remove /// @encrypted annotations from your schema.prisma.
2. Remove /// @encryption:hash(...) annotations.
3. Remove the fieldEncryptionExtension from your prisma client initialization code.
4. Run prisma migrate dev to drop the now-unused hash columns (if you cleared them).

MIT