A newer version of this documentation is available.

View Latest

Field Level Encryption from the Java SDK

    Field Level Encryption is available in Couchbase Data Platform 5.5, from Node.js SDK version 2.5.0


    The Couchbase Node.js SDK uses the node-couchbase-encryption library to provide support for encryption and decryption of JSON fields.

    The Couchbase Node.js Field Level Encryption (FLE) uses a list of fields mapped to crypto providers to define which field(s) to apply encryption to, and which algorithm to use. You must also configure a key store to use with your providers. In this example we use the “InsecureKeyStore” in-memory store for development and testing - don’t use this one in production!

    var publicKey = '!mysecretkey#9^5usdk39d&dlf)03sL';
    var signingKey = 'myauthpassword';
    var keyStore = new cbfieldcrypt.InsecureKeyStore();
    keyStore.addKey('publickey', publicKey);
    keyStore.addKey('mysecret', signingKey);
    var personCryptFields = {
      password: new cbfieldcrypt.AesCryptoProvider(keyStore, 'publickey', 'mysecret')


    To apply encryption to an object you are writing to Couchbase Server, use the encrypt function with your provider map:

    var encryptedTeddy = cbfieldcrypt.encryptFields(teddy, personCryptFields);
    bucket.upsert('person::1', encryptedTeddy, function(err, res) {
      if (err) {
        throw err;
      // ...


    To remove encryption from an object which was previously encrypted and stored in Couchbase, use the decrypt function, again with your provider map:

    bucket.get('person::1', function(err, res) {
      if (err) {
        throw err;
      var encryptedData = res.value;
      var decryptedData =
          cbfieldcrypt.decryptFields(encryptedData, personCryptFields);
      // ...