Field Level Encryption from the Java SDK

Field Level Encryption is available in Couchbase Data Platform 5.5, from Node.js SDK version 2.5.0

Packaging

The Couchbase Node.js SDK uses the node-couchbase-encryption library to provide support for encryption and decryption of JSON fields.

The Couchbase Node.js Field Level Encryption (FLE) uses a list of fields mapped to crypto providers to define which field(s) to apply encryption to, and which algorithm to use. You must also configure a key store to use with your providers. In this example we use the “InsecureKeyStore” in-memory store for development and testing - don’t use this one in production!

var publicKey = '!mysecretkey#9^5usdk39d&dlf)03sL';
var signingKey = 'myauthpassword';

var keyStore = new cbfieldcrypt.InsecureKeyStore();
keyStore.addKey('publickey', publicKey);
keyStore.addKey('mysecret', signingKey);

var personCryptFields = {
  password: new cbfieldcrypt.AesCryptoProvider(keyStore, 'publickey', 'mysecret')
};

Encryption

To apply encryption to an object you are writing to Couchbase Server, use the encrypt function with your provider map:

var encryptedTeddy = cbfieldcrypt.encryptFields(teddy, personCryptFields);

bucket.upsert('person::1', encryptedTeddy, function(err, res) {
  if (err) {
    throw err;
  }

  // ...
});

Decrypting

To remove encryption from an object which was previously encrypted and stored in Couchbase, use the decrypt function, again with your provider map:

bucket.get('person::1', function(err, res) {
  if (err) {
    throw err;
  }

  var encryptedData = res.value;
  var decryptedData =
      cbfieldcrypt.decryptFields(encryptedData, personCryptFields);

  // ...
});