Please use the form below to provide your feedback. Because your feedback is valuable to us, the information you submit in this form is recorded in our issue tracking system (JIRA), which is publicly available. You can track the status of your feedback using the ticket number displayed in the dialog once you submit the form.

A newer version of this documentation is available.

View Latest

Security Management Overview

      +
      Couchbase Server can be rendered highly secure.

      Couchbase Server Security

      Couchbase Server can be rendered highly secure. System-areas available to be managed include:

      • Networked access, by administrators, users, and applications: Can be secured with TLS, using dedicated Couchbase Server-ports. Cipher-suites, TLS levels, and console-access can be individually managed. Networked communications between nodes within the cluster can also be secured: see Apply Node-to-Node Encryption, for details.

      • Authentication: Can be handled by passing credentials explicitly, or by means of client certificates. External (as well as Local) authentication-domains are supported: therefore, authentication-mechanisms based on Native LDAP, saslauthd, and PAM can be used. For the recommended process, see Configure LDAP.

      • Authorization: Couchbase Role-Based Access Control ensures that each authenticated user is checked for the system-defined roles (and, by due association, privileges) they have been assigned. This allows access to be granted or denied them, based on the type of system-resource they are trying to access, and the operation they wish to perform. Roles can be assigned by user and by group. For details, see Manage Users and Roles.

      • Auditing: Can be enabled on actions performed on Couchbase Server, so that reviews can occur. See Manage Auditing,

      • Certificates: These can be defined and established for the cluster. Additionally, certificates presented by clients attempting server-access can be permitted. See Manage Certificates.

      • Logs: These can be redacted, ensuring that no private information is shared. Information is provided in Manage Logging.

      • Sessions: Can be configured for termination following periods of user-inactivity. This is described in Manage Sessions.

      See the navigation panel at the left, for details of additional management procedures documented in this section.