Managing XDCR data encryption

XDCR data encryption with Secure Socket Layer (SSL) is enabled with the couchbase-cli tool and the xdcr-setup command. Enterprise Edition only.

Description

The Couchbase Server command line interface (CLI) enables XDCR data encryption (Enterprise Edition only) when an XDCR cluster reference is created or modified.

To set up XDCR with SSL data encryption:

  1. Retrieve the certificate from the destination cluster.
  2. Create or modify the XDCR configuration to allow data encryption and provide the SSL certificate.
  3. Define the replication.

CLI command and parameters

The CLI provides the couchbase-cli tool and the xdcr-setup command. The --xdcr-demand-encryption option enables and disables XDCR data encryption. The --xdcr-certificate=CERTIFICATE option provides the SSL certificate for data security.

Syntax

To configure XDCR with SSL data encryption, use the xdcr-setup command. The --xdcr-demand-encryption option enables and disables data encryption. To enable, specify 1. To disable, specify 0 (default).

# --xdcr-demand-encryption: 1 to enable, 0 to disable (default)
couchbase-cli xdcr-setup -c localHost:port -u [localAdmin] -p [localPassword] \
  --create --xdcr-cluster-name=[remoteClustername] \
  --xdcr-hostname=[remoteHost]:[port] \
  --xdcr-username=[remoteAdmin] --xdcr-password=[remotePassword] \
  --xdcr-demand-encryption=[0|1] \
  --xdcr-certificate=[localPath]/[certificateFile].pem

Example: Enabling data encryption

To enable XDCR data encryption, execute couchbase-cli xdcr-setup with --xdcr-demand-encryption=1.

couchbase-cli xdcr-setup -c 10.3.4.186:8091 -u localAdmin -p localPassword \
  --create --xdcr-cluster-name=Omaha \
  --xdcr-hostname=10.3.4.187:8091 \
  --xdcr-username=Peyton --xdcr-password=Manning \
  --xdcr-demand-encryption=1 \
  --xdcr-certificate=./new.pem
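
The certificate retrieved from the destination cluster is what the source cluster will trust for the encrypted link, so it is worth checking the file before passing it to --xdcr-certificate. The script below is an added example, not part of the original page or of Couchbase's tooling: it checks that the file holds one PEM certificate and no private key, and compares its SHA-256 fingerprint with a value obtained from the destination cluster's administrator over a separate channel. The function names, the single-certificate assumption, and the use of GNU coreutils (base64, sha256sum) are this example's own.

```shell
#!/bin/sh
# Added example (not Couchbase code): pre-flight checks on the PEM file that
# will be passed to --xdcr-certificate. Function names are hypothetical.
# Assumes GNU coreutils (base64, sha256sum) are installed.

# Print the SHA-256 (hex) of the DER bytes inside the CERTIFICATE block.
pem_sha256() {
    body=$(tr -d '\r' < "$1" |
        sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' |
        grep -v '^-----' | tr -d ' \n')
    [ -n "$body" ] || return 1
    # Reject a body that does not decode cleanly before hashing it.
    printf '%s' "$body" | base64 -d > /dev/null 2>&1 || return 1
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Usage: xdcr_cert_preflight FILE [EXPECTED_SHA256]
# EXPECTED_SHA256 is the fingerprint obtained out-of-band from the destination
# cluster's administrator (colons and upper case are accepted).
# Returns 0 only if every check passes; otherwise prints the reason.
xdcr_cert_preflight() {
    file=$1
    expected=$(printf '%s' "${2:-}" | tr -d ':' | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 1; }
    # A private key has no business in the file copied to the source cluster.
    if grep -q 'PRIVATE KEY-----' "$file"; then
        echo "FAIL: $file contains private key material"; return 2
    fi
    # Assumption: the cluster certificate is a single PEM certificate.
    begins=$(tr -d '\r' < "$file" | grep -c '^-----BEGIN CERTIFICATE-----$' || true)
    [ "$begins" -eq 1 ] || { echo "FAIL: expected 1 certificate, found $begins"; return 3; }
    actual=$(pem_sha256 "$file") || { echo "FAIL: certificate body is not valid base64"; return 3; }
    if [ -n "$expected" ] && [ "$actual" != "$expected" ]; then
        echo "FAIL: fingerprint mismatch (got $actual)"; return 4
    fi
    echo "OK sha256=$actual"
}

# When run as a script: sh preflight.sh ./new.pem [EXPECTED_SHA256]
[ $# -eq 0 ] || xdcr_cert_preflight "$@"
```

Run it against ./new.pem and proceed to xdcr-setup only when it exits 0; without a second argument it prints the fingerprint for manual comparison.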
        

Example: Disabling data encryption

To disable XDCR data encryption, execute couchbase-cli xdcr-setup with --xdcr-demand-encryption=0.

couchbase-cli xdcr-setup -c 10.3.4.186:8091 -u localAdmin -p localPassword \
  --create --xdcr-cluster-name=Omaha \
  --xdcr-hostname=10.3.4.187:8091 \
  --xdcr-username=Peyton --xdcr-password=Manning \
  --xdcr-demand-encryption=0

Response

The following is an example of results for a successful XDCR configuration.

SUCCESS: init/edit test 
<<replication reference created>>