Encryption at Rest

Encryption at rest obfuscates and secures data on the physical machines so that it can be accessed only by authenticated and authorized users.

To secure the host machine where Couchbase Server is installed, security best practices include encrypting certain data locations using transparent data encryption technologies offered by third-party on-disk encryption software vendors, such as Vormetric. For more details, see the webinar Understanding Database Encryption with Couchbase and Vormetric.

When your sensitive data in Couchbase is encrypted at rest on disk, it cannot be compromised if your database is stolen, copied, lost, or improperly accessed.

The following data locations and files should be encrypted:

  • Data and index file paths:

    • Linux: /opt/couchbase/var/lib/couchbase/data

    • Windows: C:\Program Files\couchbase\server\var\lib\couchbase\data

  • Global Secondary Index file paths:

    • Linux: /opt/couchbase/var/lib/couchbase/data/@2i

    • Windows: C:\Program Files\couchbase\server\var\lib\couchbase\data\@2i

  • Tools path:

    • Linux: /opt/couchbase/bin/

    • Windows: C:\Program Files\couchbase\server\bin

  • Couchbase password files:

    • Linux: /opt/couchbase/var/lib/couchbase/isasl.pw and /opt/couchbase/var/lib/couchbase/config/.

    • Windows: C:\Program Files\couchbase\server\var\lib\couchbase\isasl.pw and C:\Program Files\couchbase\server\var\lib\couchbase\var\lib\couchbase\config\.
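One way to audit the Linux locations listed above, as an added example that is not Couchbase's own tooling: it reports which paths sit on a filesystem with a `crypt` layer beneath it. It assumes block-level dm-crypt/LUKS that `findmnt` and `lsblk` can see, so encryption applied by other products is not detected; the function names and the sample data are constructed for illustration.

```python
import subprocess

# Linux locations the page lists for encryption.
COUCHBASE_PATHS = [
    "/opt/couchbase/var/lib/couchbase/data",
    "/opt/couchbase/var/lib/couchbase/data/@2i",
    "/opt/couchbase/bin/",
    "/opt/couchbase/var/lib/couchbase/isasl.pw",
    "/opt/couchbase/var/lib/couchbase/config/",
]

# Constructed sample: only the data volume is LVM on top of dm-crypt.
SAMPLE_MOUNTS = [("/", "/dev/sda2"),
                 ("/opt/couchbase/var/lib/couchbase/data", "/dev/mapper/vg-cbdata")]
SAMPLE_STACK = {"/dev/sda2": ["part", "disk"],
                "/dev/mapper/vg-cbdata": ["lvm", "crypt", "part", "disk"]}

def backing_source(path, mounts):
    """Source device of the deepest mount point that contains path."""
    path, best, source = path.rstrip("/"), -1, None
    for target, dev in mounts:
        t = target.rstrip("/")
        # Match on whole path components so /data does not claim /database.
        if (path == t or path.startswith(t + "/")) and len(t) >= best:
            best, source = len(t), dev
    return source

def audit(paths, mounts, stack):
    """Map each path to True when a 'crypt' layer sits under its filesystem."""
    return {p: "crypt" in stack.get(backing_source(p, mounts), []) for p in paths}

def collect():
    """Read live mounts and each device's lsblk TYPE chain (device first)."""
    run = lambda *cmd: subprocess.run(cmd, capture_output=True, text=True).stdout
    mounts = []
    for line in run("findmnt", "-rn", "-o", "TARGET,SOURCE").splitlines():
        target, _, src = line.partition(" ")
        mounts.append((target, src.split("[")[0]))  # drop "[/subvol]" suffix
    stack = {src: run("lsblk", "-s", "-rn", "-o", "TYPE", src).split()
             for _, src in mounts if src.startswith("/dev/")}
    return mounts, stack

if __name__ == "__main__":
    for path, ok in audit(COUCHBASE_PATHS, *collect()).items():
        print(("encrypted    " if ok else "NOT ENCRYPTED"), path)
```

With the constructed sample, the data and `@2i` paths pass while the tools path and password files are flagged, because they fall back to the unencrypted root filesystem.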