Couchbase Server can be rendered highly secure.
Couchbase Server can be rendered highly secure, so as to preserve the privacy and integrity of data, and account for access-attempts. The security facilities provided cover:
Authentication: All administrators, users, and applications (all formally considered users) must authenticate, in order to gain server-access. Users can be authenticated by means of either the local or an external password-registry. Authentication can be achieved by either passing credentials directly to the server, or by using a client certificate, in which the credentials are embedded. Connections can be secured by means of SCRAM and TLS. See Authentication.
Authorization: Couchbase Server uses Role-Based Access Control (RBAC), to associate users with specifically assigned roles, these themselves corresponding to system-defined privileges, which allow degrees of access to specific system-resources. On authentication, a user’s roles are determined: if they allow the form of system-access the user is attempting, access is granted; otherwise, it is denied. See Authorization.
Auditing: Actions performed on Couchbase Server can be audited. This allows administrators to ensure that system-management tasks are being appropriately performed. See Auditing.
Encryption: Data is encoded such that it is non-readable, other than by authorized parties who possess the appropriate means of decryption. Prior to decryption, therefore, encrypted data can be securely saved or transmitted. This ensures the privacy of user-data, and the integrity of servers and their clients. See Encryption.
This section provides a conceptual and architectural overview of Couchbase Server security: this includes a list of roles and resources; an account of available auditing options and audit-file contents; and a description of required keys, best practices, supported identity encodings, and other details related to certificates. For practical steps whereby Couchbase Server can be secured, see the section Security Management Overview.