A newer version of this documentation is available.

View Latest


It is more important than ever for organizations to secure their infrastructure to prevent unauthorized access and to ensure compliance to regulatory standards such as PCI-DSS and HIPAA. Couchbase Server offers security mechanisms that help protect against threats and breaches.

Authentication and Authorization

Couchbase verifies the identity of administrators and applications using both SASL and non-SASL authentication methods, including challenge-response authentication mechanism (CRAM) based on the HMAC-MD5 algorithm. Couchbase Server also supports LDAP authentication for administrators connecting to Couchbase through the Couchbase Web Console.


  • Data in motion: Couchbase Server supports end-to-end SSL traffic both from applications to clusters and between clusters (XDCR). This encryption covers both data packets and administration traffic.

  • Data at rest: Couchbase works with LUKS-based disk encryption on Linux, Bitlocker Drive Encryption on Windows Server 2008 and 2012, and with Vormetric Data Security platform, which does disk and file-level (encryption at rest) and application-level encryption.


Auditingempowers authorized users to monitor the actions carried out by administrators in the Couchbase Server cluster. This capability is essential for achieving regulatory compliance and is often critical for adhering to internal security policies.

For more information about security mechanisms in Couchbase Server, see Security in Couchbase.