A newer version of this documentation is available.

View Latest

Security

      +
      Couchbase Server can be rendered highly secure.

      Security Overview

      Couchbase Server can be rendered highly secure, so as to preserve the privacy and integrity of data, and account for access-attempts. The security facilities provided cover:

      • Authentication: All administrators, users, and applications (all formally considered users) must authenticate, in order to gain server-access. Users can be authenticated by means of either the local or an external password-registry. Authentication can be achieved by either passing credentials directly to the server, or by using a client certificate, in which the credentials are embedded. Connections can be secured by means of SCRAM and TLS. See Authentication.

      • Authorization: Couchbase Server uses Role-Based Access Control (RBAC), to associate users with specifically assigned roles, these themselves corresponding to system-defined privileges, which allow degrees of access to specific system-resources. On authentication, a user’s roles are determined: if they allow the form of system-access the user is attempting, access is granted; otherwise, it is denied. See Authorization.

      • Auditing: Actions performed on Couchbase Server can be audited. This allows administrators to ensure that system-management tasks are being appropriately performed. See Auditing.

      • Encryption: Data is encoded such that it is non-readable, other than by authorized parties who possess the appropriate means of decryption. Prior to decryption, therefore, encrypted data can be securely saved or transmitted. This ensures the privacy of user-data, and the integrity of servers and their clients. See Encryption.

      How to Use This Section

      This section provides a conceptual and architectural overview of Couchbase Server security: this includes a list of roles and resources; an account of available auditing options and audit-file contents; and a description of required keys, best practices, supported identity encodings, and other details related to certificates. For practical steps whereby Couchbase Server can be secured, see the section Security Management Overview.