11.5 Encryption

Owned by Jenni Wallin
Last updated: May 16, 2023 by Former user (Deleted)
1 min read

If you require encrypted storage in Couchbase, there are a number of steps that you are required to take. 

  1. Install eCryptfs. For example if you are using ubuntu:

    apt-get install ecryptfs-utils

  2. Move the Couchbase data temporarily. The example below is if your Couchbase data is stored in the directory /opt/couchbase/var/lib/couchbase/data/:

    mv /opt/couchbase/var/lib/couchbase/data/* /tmp

  3. Go to the directory from which you have just moved the data using cd:

    cd /opt/couchbase/var/lib/couchbase/data/

  4. Mount the directory for encryption:

    mount -t ecryptfs -o key=passphrase:passphrase_passwd_file=/root/pwd.txt -o ecryptfs_cipher=aes -o ecryptfs_key_bytes=16 -o ecryptfs_fnek_sig=xxxxx -o ecryptfs_unlink_sigs -o ecryptfs_passthrough=n -o no_sig_cache /opt/couchbase/var/lib/couchbase/data /opt/couchbase/var/lib/couchbase/data

    Your password file must consist of:

    passphrase_passwd=[<your password>]

  5. Copy the Couchbase data back to the encrypted directory:

    mv /tmp/* /opt/couchbase/var/lib/couchbase/data

For further information on encrypting Couchbase data, see https://docs.couchbase.com/server/5.1/security/security-data-encryption.html.

Next:

11.6 Troubleshooting