Security Management Overview

      Couchbase Server Security

      Couchbase Server can be rendered highly secure. The system areas that can be managed include:

      • Networked access, by administrators, users, and applications: Can be secured with TLS, using dedicated Couchbase Server ports. Cipher suites, TLS levels, and console access can be individually managed. Networked communications between nodes within the cluster can also be secured: for details, see Apply Node-to-Node Encryption.

      • Authentication: Can be handled by passing credentials explicitly, or by means of client certificates. External (as well as Local) authentication domains are supported; therefore, authentication mechanisms based on Native LDAP, saslauthd, and PAM can be used. For the recommended process, see Configure LDAP.

      • Authorization: Couchbase Role-Based Access Control ensures that each authenticated user is checked for the system-defined roles (and, by association, the privileges) they have been assigned. This allows access to be granted or denied, based on the type of system resource the user is trying to access and the operation they wish to perform. Roles can be assigned by user and by group. For details, see Manage Users and Roles.

      • Auditing: Can be enabled on actions performed on Couchbase Server, so that reviews can occur. See Manage Auditing.

      • Certificates: These can be defined and established for the cluster. Additionally, certificates presented by clients attempting server-access can be permitted. See Manage Certificates.

      • Logs: These can be redacted, ensuring that no private information is shared. Information is provided in Manage Logging.

      • Sessions: Can be configured for termination following periods of user inactivity. This is described in Manage Sessions.

      See the navigation panel at the left, for details of additional management procedures documented in this section.