A newer version of this documentation is available.

View Latest

Security Management Overview

Couchbase Server can be rendered highly secure.

Couchbase Server Security

Couchbase Server can be rendered highly secure. System-areas available to be managed include:

  • Networked access, by administrators, users, and applications: Can be secured with TLS, using dedicated Couchbase Server-ports. Ciphers, TLS levels, and console-access can be individually managed.

  • Authentication: Can be handled by passing credentials explicitly, or by means of client certificates. External (as well as Local) authentication-domains are supported: therefore, LDAP and PAM authentication-mechanisms can be used.

  • Authorization: Couchbase Role-Based Access Control ensures that each authenticated user is checked for the system-defined roles (and, by due association, privileges) they have been assigned. This allows access to be granted or denied them, based on the type of system-resource they are trying to access, and the operation they wish to perform.

  • Auditing: Can be enabled on actions performed on Couchbase Server, so that reviews can occur.

  • Certificates: These can be defined and established for the cluster. Additionally, certificates presented by clients attempting server-access can be permitted.

  • Logs: These can be redacted, ensuring that no private information is shared.

  • Sessions: Can be configured to terminate, following periods of user-inactivity.

See the subsections provided in this section, for details of the required management procedures.