<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv=content-security-policy content="default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; img-src 'self' data: https:; connect-src 'self' https:; worker-src blob:;"> <meta name="viewport" content="width=device-width,initial-scale=1.0"> <!-- Google Tag Manager --> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://metrics.couchbase.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-MVPNN2');</script> <!-- End Google Tag Manager --> <title>Security | Couchbase Docs</title> <link rel="canonical" href="https://docs.couchbase.com/server/current/learn/security/security-overview.html"> <link rel="stylesheet" href="../../../../_/css/site.css"> <script src="../../../../_/js/vendor/jquery.js"></script> <script src="https://cdn.cookielaw.org/scripttemplates/otSDKStub.js" data-domain-script="748511ff-10bf-44bf-88b8-36382e5b5fd9"></script> <script>function OptanonWrapper(){}</script> <meta name="description" content="Couchbase Server can be rendered highly secure."> <link rel="schema.dcterms" href="https://purl.org/dc/terms/"> <meta name="dcterms.subject" content="server"> <meta name="dcterms.identifier" content="7.6"> <meta name="page-url" content="/server/current/learn/security/security-overview.html"> <meta name="page-nav-header-levels" content="0"> <meta name="docsearch:component" content="server"> <meta name="docsearch:component_title" content="Couchbase Server"> <meta name="docsearch:cversion" content="7.6"> <meta name="docsearch:component_version" content="server@7.6"> <meta name="docsearch:module" content="learn"> <meta name="docsearch:breadcrumbs" content="Couchbase Server / Learn / Security"> <meta name="docsearch:topic_type" content=""> <meta name="docsearch:version_rank" content="1"> <meta name="docsearch:status" content=""> <meta name="docsearch:edition" content=""> <meta name="docsearch:page_rank" content="50"> <meta name="generator" content="Antora 3.1.5"> <link rel="icon" href="../../../../_/img/favicon.svg" type="image/svg+xml"> <link rel="icon" href="../../../../_/img/favicon.ico" type="image/x-icon" sizes="any"> </head> <body class="article"> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-MVPNN2" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <header class="header fixed-top"> <div class="header-top-row"> <div class="container"> <nav class="navbar navbar-expand-md flex-nowrap justify-content-between navbar-new-top"> <ul class="navbar-brand-list"> <li class="brand-logo"> <a class="navbar-brand" href="https://www.couchbase.com"> <img src="../../../../_/img/couchbase-logo.svg" alt="Couchbase" /> </a> </li> <li> <a class="navbar-brand cb-documentation" href="https://docs.couchbase.com/home/index.html"> <img src="../../../../_/img/cb-documentation.svg" alt="Couchbase Documentation" class="cb-docs" /> <img src="../../../../_/img/cb-docs-hover.svg" alt="Couchbase Documentation" class="hide cb-hover-docs" /> </a> </li> </ul> <button class="navbar-burger" data-target="topbar-menu"> <span></span> <span></span> <span></span> </button> </nav> </div> </div> <div class="header-bottom-row" id="topbar-menu"> <div class="container"> <nav class="navbar navbar-new-bottom "> <div class="navbar-collapse collapse" id="navbar2"> <ul class="navbar-nav w-100 justify-content-start"> <li class="nav-item ""> <a href="https://docs.couchbase.com/home/index.html" class="nav-link"> <i class="fas fa-home"></i> </a> </li> <li class="nav-item nav-item-selected"> <a class="nav-link" href="../../../../home/server.html"> Server </a> </li> <li class="nav-item "> <a class="nav-link" href="../../../../home/mobile.html"> Mobile </a> </li> <li class="nav-item "> <a class="nav-link" href="../../../../home/cloud.html"> Capella </a> </li> <li class="nav-item "> <a class="nav-link" href="../../../../cloud-native-database/index.html"> Cloud-Native </a> </li> <li class="nav-item "> <a class="nav-link" href="../../../../home/sdk.html"> Couchbase SDKs </a> </li> <li class="nav-item "> <a class="nav-link" href="../../../../home/columnar-sdk.html"> Columnar SDKs </a> </li> </ul> </div> <div class="primary-action"> <div class="navbar-item search" id="search"> <input class="dataLayer query" type="text" placeholder="Search Docs"><i class="fas fa-search"></i> </div> <a class="btn btn-primary btn-grey-reverse" onclick="(window.dataLayer=window.dataLayer||[]).push({'event':'customEvent', 'category':'CTA', 'action':'Button Click', 'label':'Download'});" href="https://www.couchbase.com/downloads"> Downloads <i class="far fa-arrow-to-bottom fa-fw"></i> </a> <a href="https://cloud.couchbase.com/sign-up" class="btn btn-primary" onclick="(window.dataLayer=window.dataLayer||[]).push({'event':'customEvent', 'category':'CTA', 'action':'Button Click', 'label':'Free Trial'});" > Try Free <i class="far fa-cloud fa-fw"></i> </a> </div> </nav> </div> </div> </header> <div class="body container"> <aside class="nav left-sidebar"> <div class="nav-container"> <a href="#" class="menu-expand-toggle"><span>Navigation</span><i class="fas fa-times-circle"></i><i class="fas fa-chevron-circle-left"></i></a> <template id="page-versions" style="display: none"> <select class="version_list" data-component="server"> <option value="7.6" data-url="security-overview.html" selected>7.6</option> <option value="7.2" data-url="../../../7.2/learn/security/security-overview.html">7.2</option> <option value="7.1" data-url="../../../7.1/learn/security/security-overview.html">7.1</option> <option value="7.0" data-url="../../../7.0/learn/security/security-overview.html">7.0</option> </select> </template> </div> </aside> <aside class="toc sidebar" data-title="Contents" data-levels="1"> <div class="sidebar-box"> <div class="tools" role="navigation"> <ul> <li class="tool edit"><a href="https://github.com/couchbase/docs-server/edit/release/7.6/modules/learn/pages/security/security-overview.adoc" title="Edit Page" target="_blank" rel="noopener" class="remove-ext-icon">Edit on GitHub</a></li> </ul> </div> <div class="toc-menu"></div> <div class="is-this-helpful-box"> <h4> Is this page helpful?</h4> <div class="btn-row"> <a href="#" class="like-btn helpful-btn" id="yesBtn" data-page-rating="like" > <i class="far fa-thumbs-up"></i> Yes </a> <a href="#" class="dislike-btn helpful-btn" id="noBtn" data-page-rating="dislike"> <i class="far fa-thumbs-down"></i> No</a> </div> <div class="any-feedback"> <a href="#" class="btn any-feedback-btn" id="myCustomTrigger">Leave Additional Feedback? </a> </div> <div class="dialog-box" id="dialogBox"> <form> <div class="form-group " id="additionalFeedbackBox"> <textarea class="input-control feed-back-msg" rows="8" placeholder="Any Additonal Feedback?"></textarea> <div class="action-btn-row "> <a href="#" class="skip-btn" id="skipBtnMsg">Skip</a> <button class="submit-btn btn blue-btn disabled" > Submit </button> <a href="#" class="info-btn"><i class="fas fa-info-circle"></i></a> </div> </div> </form> </div> </div> </div> </aside> <div class="feedback-modal modal-popup"> <div class="modal-popup-dialogue"> <div class="popup-header"> <a href="#" class="close-popup"><i class="fa fa-times"></i></a> </div> <div class="popup-content"> <p> Please use the form below to provide your feedback. Because your feedback is valuable to us, the information you submit in this form is recorded in our issue tracking system (JIRA), which is publicly available. You can track the status of your feedback using the ticket number displayed in the dialog once you submit the form. </p> </div> </div> </div> <main class="article" data-ceiling="topbar"> <div class="article-header"> <nav class="crumbs" aria-label="breadcrumbs"> <ul> <li class="crumb"><a href="../../introduction/intro.html">Couchbase Server</a></li> <li class="crumb">Learn</li> <li class="crumb"><a href="security-overview.html">Security</a></li> </ul> </nav> </div> <article class="doc"> <div class="page-heading-title"> <h1 class="page">Security</h1> <div class="labels"> <ul></ul> </div> </div> <div class="contributor-list-box"> <span class="last-commit-date" id="commitdate"> </span> <ul id="contributorList"></ul> <span id="otherContributor"> + </span> </div><div id="preamble"> <div class="sectionbody"> <div class="quoteblock abstract"> <blockquote> Couchbase Server can be rendered highly secure. </blockquote> </div> </div> </div> <div class="sect1"> <h2 id="security-overview"><a class="anchor" href="#security-overview"></a>Security Overview</h2> <div class="sectionbody"> <div class="paragraph"> <p>Couchbase Server can be rendered highly secure, so as to preserve the privacy and integrity of data, and account for access-attempts. The security facilities provided cover:</p> </div> <div class="ulist"> <ul> <li> <p><em>Authentication</em>: All administrators, users, and applications (all formally considered <em>users</em>) must authenticate, in order to gain server-access. Users can be authenticated by means of either the <em>local</em> or an <em>external</em> password-registry. Authentication can be achieved by either passing credentials directly to the server, or by using a client certificate, in which the credentials are embedded. Connections can be secured by means of <em>SCRAM</em> and <em>TLS</em>. See <a href="authentication.html" class="xref page">Authentication</a>.</p> </li> <li> <p><em>Authorization</em>: Couchbase Server uses <em>Role-Based Access Control</em> (RBAC), to associate users with specifically assigned <em>roles</em>, these themselves corresponding to system-defined <em>privileges</em>, which allow degrees of access to specific system-resources. On authentication, a user&#8217;s roles are determined: if they allow the form of system-access the user is attempting, access is granted; otherwise, it is denied. See <a href="authorization-overview.html" class="xref page">Authorization</a>.</p> </li> <li> <p><em>Auditing</em>: Actions performed on Couchbase Server can be <em>audited</em>. This allows administrators to ensure that system-management tasks are being appropriately performed. See <a href="auditing.html" class="xref page">Auditing</a>.</p> </li> <li> <p><em>Encryption</em>: Data is encoded such that it is non-readable, other than by authorized parties who possess the appropriate means of <em>decryption</em>. Prior to decryption, therefore, encrypted data can be securely saved or transmitted. This ensures the privacy of user-data, and the integrity of servers and their clients. See <a href="encryption-overview.html" class="xref page">Encryption</a>.</p> </li> </ul> </div> </div> </div> <div class="sect1"> <h2 id="how-to-use-this-section-security"><a class="anchor" href="#how-to-use-this-section-security"></a>How to Use This Section</h2> <div class="sectionbody"> <div class="paragraph"> <p>This section provides a conceptual and architectural overview of Couchbase Server security: this includes a list of <em>roles</em> and <em>resources</em>; an account of available auditing options and audit-file contents; and a description of required keys, best practices, supported identity encodings, and other details related to certificates. For practical steps whereby Couchbase Server can be secured, see the section <a href="../../manage/manage-security/security-management-overview.html" class="xref page">Security Management Overview</a>.</p> </div> </div> </div> </article> </main> </div> <footer class="footer"> <div class="container"> <div class="footer-links"> <div class="col"> <div class="footer-logo"> <a href="https://www.couchbase.com" class="icon"> <img src="../../../../_/img/couchbase-logo.svg" alt="Couchbase"> </a> </div> </div> <div class="col"> <ul> <li><a href="https://docs.couchbase.com" target="_blank" rel="noopener">Documentation</a></li> <li><a href="https://forums.couchbase.com" target="_blank" rel="noopener">Forums</a></li> <li><a href="https://support.couchbase.com" target="_blank" rel="noopener">Support</a></li> </ul> </div> <div class="col"> <ul> <li><a href="https://developer.couchbase.com" target="_blank" rel="noopener">Developer Portal</a></li> <li><a href="https://blog.couchbase.com" target="_blank" rel="noopener">Blog</a></li> <li><a href="https://www.couchbase.com/resources">Resources</a></li> </ul> </div> <div class="col"> <ul> <li><a href="https://www.couchbase.com/get-started-developing-nosql">Get Started</a></li> <li><a href="https://www.couchbase.com/downloads">Downloads</a></li> <li><a href="https://learn.couchbase.com/store?utf8=%E2%9C%93&ss=1&ct=78327&commit=Filter" target="_blank" rel="noopener">Training</a></li> </ul> </div> <div class="col"> <ul class="social-icons"> <li> <svg width="14" height="14" viewBox="0 0 32.1 26.1"> <path id="twitter" class="cls-1" d="M32,7.1a11.836,11.836,0,0,1-3.8,1,6.462,6.462,0,0,0,2.9-3.6,12.606,12.606,0,0,1-4.2,1.6A6.492,6.492,0,0,0,22.1,4a6.594,6.594,0,0,0-6.6,6.6,7.719,7.719,0,0,0,.2,1.5A18.458,18.458,0,0,1,2.2,5.2a6.294,6.294,0,0,0-.9,3.3A6.765,6.765,0,0,0,4.2,14a6.109,6.109,0,0,1-3-.8v.1a6.543,6.543,0,0,0,5.3,6.4,4.678,4.678,0,0,1-1.7.2,4.869,4.869,0,0,1-1.2-.1,6.679,6.679,0,0,0,6.1,4.6,12.917,12.917,0,0,1-8.2,2.8,9.151,9.151,0,0,1-1.6-.1,18.438,18.438,0,0,0,10.1,3c12.1,0,18.7-10,18.7-18.7v-.8A13.336,13.336,0,0,0,32,7.2Z" transform="translate(0.1 -4)"/></svg> <a href="https://twitter.com/couchbase" class="icon"> Twitter </a> </li> <li> <svg width="14" height="14" viewBox="0 0 32 32"> <path id="linkedin" class="cls-1" d="M29,0H3A3.076,3.076,0,0,0,0,3V29a3.009,3.009,0,0,0,3,3H29a2.946,2.946,0,0,0,3-3V3A3.009,3.009,0,0,0,29,0ZM12,26H8V12h4ZM10,10a2,2,0,1,1,2-2A2.006,2.006,0,0,1,10,10ZM26,26H22V18a2,2,0,0,0-4,0v8H14V12h4v2.5c.8-1.1,2.1-2.5,3.5-2.5A4.736,4.736,0,0,1,26,17Z"/></svg> <a href="https://www.linkedin.com/company/couchbase" class="icon"> Linkedin </a> </li> <li> <svg width="14" height="14" viewBox="0 0 32 32"> <path id="facebook" class="cls-1" d="M29,0H3A2.652,2.652,0,0,0,0,3V29a2.652,2.652,0,0,0,3,3H16V18H12V14h4V12a6.452,6.452,0,0,1,6-6h4v4H22a2.151,2.151,0,0,0-2,2v2h6l-1,4H20V32h9a2.652,2.652,0,0,0,3-3V3A2.652,2.652,0,0,0,29,0Z"/></svg> <a href="https://www.facebook.com/Couchbase" class="icon"> Facebook </a> </li> </ul> </div> </div> <div class="footer-terms"> <div class="footer-terms-copyright"> <span>漏 2024 Couchbase and the Couchbase logo are registered trademarks of Couchbase, Inc. All third party trademarks (including logos and icons) referenced by Couchbase, Inc. remain the property of their respective owners. </span> </div> <div class="footer-terms-links"> <a href="https://www.couchbase.com/terms-of-use">Terms of Use</a> <a href="https://www.couchbase.com/privacy-policy">Privacy Policy</a> <a href="https://www.couchbase.com/cookie-policy">Cookie Policy</a> <a href="https://www.couchbase.com/support-policy">Support Policy</a> <a href="https://info.couchbase.com/unsubscribe-or-manage-preferences.html" target="_blank" rel="noopener">Marketing Preference Center</a> </div> </div> </div> </footer> <script src="../../../../_/js/site-navigation-data.js"></script> <script id="page-navigation-group" type="application/json"> {"title":"Server","components":["server"],"url":"/home/server.html","latestVersions":{"server":"7.6"}} </script> <template id="run-code-panel"> <div class="action-panel"> <form class="action-panel-control" method="POST" action="https://couchbase.live/run" target="run-code-output"> <input type="hidden" name="lang"> <input type="hidden" name="code"> <input type="hidden" name="from" value="docs"> <div class="controls"> <button class="control-button rerun" type="submit"><i class="fas fa-redo"></i></button> <span class="shell-name control-label">Output</span> <button class="control-button close"><i class="fas fa-times"></i> Close</button> </div> </form> <iframe class="run-code-output" name="run-code-output"></iframe> </div> </template> <script id="site-script" src="../../../../_/js/vendor/chatbox-ui.js"></script> <script id="site-script" src="../../../../_/js/site.js"></script> <script async src="../../../../_/js/vendor/tabs.js" data-sync-storage-key="preferred-tab"></script> <script defer src="../../../../_/js/vendor/fontawesome-icon-defs.js"></script> <script defer src="../../../../_/js/vendor/fontawesome.js" data-search-pseudo-elements="true"></script> <script async src="../../../../_/js/vendor/highlight.js"></script> <script async id="search-script" src="../../../../_/js/vendor/docsearch.js" data-app-id="NI1G57N08Q" data-api-key="d3eff3e8bcc0860b8ceae87360a47d54" data-index-name="prod_docs_couchbase" data-stylesheet="../../../../_/css/vendor/docsearch.css"></script> <script async id="feedback-script" src="../../../../_/js/vendor/feedback.js?v=1" data-collector-id="709818cb"></script> </body> </html>