Encryption

      Couchbase Server uses encryption to protect data.

      Encryption in Couchbase Server

      Encryption encodes data so that it is unreadable to anyone other than authorized parties who possess the appropriate means of decryption. Until it is decrypted, therefore, encrypted data can be securely saved or transmitted. This ensures the privacy of user data, and the integrity of servers and their clients.

      Couchbase Server provides extensive support for data encryption and decryption. Because multiple areas of the system are affected, essential information is distributed throughout the documentation set.

      Areas of Encryption

      The principal areas of Couchbase Server encryption support are listed below, along with links to further information.

      Encryption on the Wire

      This allows data to pass in encrypted form between clusters, and between a cluster and its clients.

      • Secure Console Access. Administrators can connect securely to Couchbase Web Console. Non-secure access can be disabled, for extra security. See Manage Console Access.

      • X.509 Certificates. These support encrypted communications between clusters, and between a cluster and its clients.

      • Secure Ports. Services are available on secure ports. See Network and Firewall Requirements.

      • General Network Security. Best practices for ensuring the security of the network are provided in Network Security Recommendations.

      Encryption at Rest

      Encryption at Rest (that is, on disk or another storage device) allows passwords and data in files and directories to be encrypted.

      • Data in Files and Directories. Programs are available for the encryption of data in files and directories. See Securing On-Disk Data.

      • System Secrets. Passwords, certificates, and other items essential to Couchbase Server security can be written to disk in encrypted format. See Manage System Secrets.

      Encryption in Applications

      • Field Level Encryption. This allows fields within a document to be securely encrypted by the SDK, to support FIPS 140-2 compliance. See Field Level Encryption for an overview.

      • Field Level Encryption from the Java SDK. Provides directions for configuring encrypted field-level communication with Couchbase Server. See Field Level Encryption from the Java SDK.