A newer version of this documentation is available.

View Latest

Encryption

Couchbase Server uses encryption, to protect data.

Encryption in Couchbase Server

By means of encryption, data is encoded such that it is non-readable, other than by authorized parties who possess the appropriate means of decryption. Prior to decryption, therefore, encrypted data can be securely saved or transmitted. This ensures the privacy of user-data, and the integrity of servers and their clients.

Couchbase Server provides extensive support for data encryption and decryption. Multiple areas of the system are affected: therefore, essential information is distributed throughout the documentation set.

Areas of Encryption

The principal areas of Couchbase Server encryption-support are listed below, along with links to further information.

Encryption on the Wire

This allows data to pass in encrypted form between clusters, and between a cluster and its clients.

  • Secure Console Access. Administrators can connect securely to Couchbase Web Console. Non-secure access can be disabled, for extra security. See Manage Console Access.

  • X.509 Certificates. These support encrypted communications between clusters, and between a cluster and its clients.

  • Secure Ports. Services are available on secure ports. See Network and Firewall Requirements.

  • General Network Security. Best practices for ensuring the security of the network are provided in Network Security Recommendations.

Encryption at Rest

Encryption at Rest (meaning, on disk or other storage-device) allows passwords and data in files and directories to be encrypted.

  • Data in Files and Directories. Programs are available for the encryption of data in files and directories. See Securing On-Disk Data.

  • System Secrets. Passwords, certificates, and other items essential to Couchbase-Server security can be written to disk in encrypted format. See Manage System Secrets.

Encryption in Applications

  • Field Level Encryption. This allows fields within a document to be securely encrypted by the SDK, to support FIPS-140-2 compliance. See java-sdk::encryption.adoc, for an overview.

  • Field Level Encryption from the Java SDK. Provides directions for configuring encrypted field-level communication with Couchbase Server. See java-sdk::encrypting-using-sdk.adoc.