Please use the form below to provide your feedback. Because your feedback is valuable to us, the information you submit in this form is recorded in our issue tracking system (JIRA), which is publicly available. You can track the status of your feedback using the ticket number displayed in the dialog once you submit the form.

A newer version of this documentation is available.

View Latest

node-to-node-encryption

    March 16, 2025
    + 12

    Changes node-to-node encryption

    SYNOPSIS

    couchbase-cli node-to-node-encryption [--cluster <url>] [-username <username>]
    [--password <password>] [--get] [--enable] [--disable]

    DESCRIPTION

    This command allows the enabling and disabling of node-to-node encryption this means data transferred between nodes in a cluster will be encrypted. The command will execute a series of instructions in each node in the cluster to switch them from sending and receiving over a non-encrypted connection to an encrypted one or vice-versa.

    OPTIONS

    -c
    --cluster

    Specifies the hostname of a node in the cluster. See the HOST FORMATS section for more information on specifying a hostname.

    -u
    --username <username>

    Specifies the username of the user executing the command. If you do not have a user account with permission to execute the command then it will fail with an unauthorized error.

    -p
    --password <password>

    Specifies the password of the user executing the command. If you do not have a user account with permission to execute the command then it will fail with an unauthorized error. If this argument is specified, but no password is given then the command will prompt the user for a password through non-echoed stdin. You may also specify your password by using the environment variable CB_REST_PASSWORD.

    --get

    Display the node-to-node encryption settings

    --enable

    Will enable node-to-node encryption

    --disable

    Will disable node-to-node encryption

    HOST FORMATS

    When specifying a host for the couchbase-cli command the following formats are expected:

    • couchbase://<addr>

    • <addr>:<port>

    • http://<addr>:<port>

    It is recommended to use the couchbase://<addr> format for standard installations. The other two formats allow an option to take a port number which is needed for non-default installations where the admin port has been set up on a port other that 8091.

    EXAMPLES

    To enable node-to-node encryption in a cluster with two host [cb1.mydomain.com:8091, cb2.mydomain.com:8091] ran the following commands:

    $ couchbase-cli node-to-node-encryption -c cb1.mydomain.com:8091 --username Administrator \
 --password password --enable

    To check if node-to-node encryption is on or off ran:

    $ couchbase-cli node-to-node-encryption -c cb1.mydomain.com:8091 --username Administrator \
  --password password --get

    To disable node-to-node encryption use the following command:

    $ couchbase-cli node-to-node-encryption -c cb1.mydomain.com:8091 --username Administrator \
--password password --disable

    ENVIRONMENT AND CONFIGURATION VARIABLES

    CB_REST_USERNAME

    Specifies the username to use when executing the command. This environment variable allows you to specify a default argument for the -u/--username argument on the command line.

    CB_REST_PASSWORD

    Specifies the password of the user executing the command. This environment variable allows you to specify a default argument for the -p/--password argument on the command line. It also allows the user to ensure that their password are not cached in their command line history.

    SEE ALSO

    setting-security ssl-manage ip-family

    COUCHBASE-CLI

    Part of the couchbase-cli suite