Encrypted data access

Couchbase Server client libraries support client-side encryption using the Secure Sockets Layer (SSL) protocol.

Encryption for data access is performed thrugh client-server communication and view access.

SSL based client-server communication

Couchbase Server client libraries support client-side encryption using the Secure Sockets Layer (SSL) protocol by encrypting data in-flight between the client and the server. Secure client-server communication is provided with Couchbase clients released after version 2.0, and does not require configuration.

Client-server communication also allows for the cases where some of the clients communicate with the server using SSL, while the other clients do not.

To enable SSL on the client side, you need to get an SSL certificate from Couchbase Server and then follow the steps specific to the client you are using.

To obtain the certificate, access the Couchbase Web Console, navigate to Settings > Certificate > Show certificate and copy the certificate.

Note: If the Couchbase Server SSL certificate is regenerated, you must obtain a new certificate.

The following clients support SSL:

Java
.NET
Node.js
PHP
C

Note: The Couchbase network port 11207 is used for data communication between the client and the data nodes using SSL.

SSL based view access

A new port 18092 is established for view access: https://couchbase_server:18092