11.5 Encryption

If you require encrypted storage in Couchbase, there are a number of steps that you are required to take.

Install eCryptfs. For example if you are using ubuntu:
```
apt-get install ecryptfs-utils
```
Move the Couchbase data temporarily. The example below is if your Couchbase data is stored in the directory /opt/couchbase/var/lib/couchbase/data/:
```
mv /opt/couchbase/var/lib/couchbase/data/* /tmp
```
Go to the directory from which you have just moved the data using cd:
```
cd /opt/couchbase/var/lib/couchbase/data/
```

Mount the directory for encryption:

mount -t ecryptfs -o key=passphrase:passphrase_passwd_file=/root/pwd.txt -o ecryptfs_cipher=aes -o ecryptfs_key_bytes=16 -o ecryptfs_fnek_sig=xxxxx -o ecryptfs_unlink_sigs -o ecryptfs_passthrough=n -o no_sig_cache /opt/couchbase/var/lib/couchbase/data /opt/couchbase/var/lib/couchbase/data

Your password file must consist of:

passphrase_passwd=[<your password>]

Copy the Couchbase data back to the encrypted directory:
```
mv /tmp/* /opt/couchbase/var/lib/couchbase/data
```

For further information on encrypting Couchbase data, see https://docs.couchbase.com/server/5.1/security/security-data-encryption.html.