A newer version of this documentation is available.

View Latest

Field Level Encryption from the Java SDK

    +
    Field Level Encryption is available in Couchbase Data Platform 5.5, from Node.js SDK version 2.5.0

    Packaging

    The Couchbase Node.js SDK uses the node-couchbase-encryption library to provide support for encryption and decryption of JSON fields.

    The Couchbase Node.js Field Level Encryption (FLE) uses a list of fields mapped to crypto providers to define which field(s) to apply encryption to, and which algorithm to use. You must also configure a key store to use with your providers. In this example we use the “InsecureKeyStore” in-memory store for development and testing - don’t use this one in production!

    var publicKey = '!mysecretkey#9^5usdk39d&dlf)03sL';
    var signingKey = 'myauthpassword';
    
    var keyStore = new cbfieldcrypt.InsecureKeyStore();
    keyStore.addKey('publickey', publicKey);
    keyStore.addKey('mysecret', signingKey);
    
    var personCryptFields = {
      password: new cbfieldcrypt.AesCryptoProvider(keyStore, 'publickey', 'mysecret')
    };

    Encryption

    To apply encryption to an object you are writing to Couchbase Server, use the encrypt function with your provider map:

    var encryptedTeddy = cbfieldcrypt.encryptFields(teddy, personCryptFields);
    
    bucket.upsert('person::1', encryptedTeddy, function(err, res) {
      if (err) {
        throw err;
      }
    
      // ...
    });

    Decrypting

    To remove encryption from an object which was previously encrypted and stored in Couchbase, use the decrypt function, again with your provider map:

    bucket.get('person::1', function(err, res) {
      if (err) {
        throw err;
      }
    
      var encryptedData = res.value;
      var decryptedData =
          cbfieldcrypt.decryptFields(encryptedData, personCryptFields);
    
      // ...
    });