XDCR data encryption with Secure Socket Layer (SSL) is enabled with the xdcr-setup command (Enterprise Edition only).


To configure XDCR with SSL data encryption, the xdcr-setup command is used. The option --xdcr-demand-encryption enables and disables data encryption. To enable, specify 1. To disable, specify 0 (default).

couchbase-cli xdcr-setup -c localhost:port -u [localadmin] -p [localpassword] [options]


The Couchbase Server command line interface (CLI) enables XDCR data encryption (Enterprise Edition only) when an XDCR cluster reference is created or modified.

To set up XDCR with SSL data encryption:

  1. Retrieve the certificate from the destination cluster.
  2. Create or modify the XDCR configuration to allow data encryption and provide the SSL certificate.
  3. Define the replication.


The --xdcr-demand-encryption option enables and disables XDCR data encryption. The --xdcr-certificate=CERTIFICATE option provides the SSL certificate for data security.

The following are the command options:

Table 1. xdcr-setup options
Option Description
--create Create a new XDCR configuration.
--edit Modify an existing XDCR configuration.
--delete Delete an existing XDCR configuration.
--list List all XDCR configurations.
--xdcr-cluster-name=CLUSTERNAME The remote cluster to replicate to.
--xdcr-hostname=HOSTNAME The remote host name to connect to.
--xdcr-username=USERNAME The administrator's username for the remote cluster.
--xdcr-password=PASSWORD The administrator's password for the remote cluster.
--xdcr-demand-encryption=[0|1] Whether to encrypt data using SSL (yes=1, no=0).
--xdcr-certificate=CERTIFICATE A PEM-encoded certificate that must be present if --xdcr-demand-encryption is set to 1.


To require XDCR data encryption, execute couchbase-cli xdcr-setup with --xdcr-demand-encryption=1.

couchbase-cli xdcr-setup -c localhost:port -u Administrator -p password \
--create --xdcr-cluster-name=Omaha --xdcr-hostname=HOSTNAME \
--xdcr-username=Peyton --xdcr-password=Manning --xdcr-demand-encryption=1 \
--xdcr-certificate=CERTIFICATE
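
The following wrapper is an added example, not part of the original Couchbase documentation. It checks the destination cluster's certificate file before creating the cluster reference, so that a missing file or a private key is never handed to xdcr-setup. Assumptions: --xdcr-certificate is given the path of the PEM file, and the function names and the COUCHBASE_CLI, LOCAL_USER, LOCAL_PASS, REMOTE_USER and REMOTE_PASS variables are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight wrapper for an encrypted XDCR cluster reference.
# Hypothetical names: is_pem_certificate, xdcr_create_encrypted, and the
# COUCHBASE_CLI, LOCAL_USER, LOCAL_PASS, REMOTE_USER, REMOTE_PASS variables.

# Succeed only if FILE is readable, holds at least one complete PEM
# CERTIFICATE block, and carries no private key material.
is_pem_certificate() {
    [ -r "$1" ] || return 1
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$1" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----$' "$1" || true)
    if [ "$begins" -lt 1 ] || [ "$begins" -ne "$ends" ]; then
        return 1
    fi
    if grep -q 'PRIVATE KEY-----' "$1"; then
        return 1
    fi
    return 0
}

# Create the remote cluster reference with encryption demanded.
# Usage: xdcr_create_encrypted LOCALHOST:PORT CLUSTERNAME HOSTNAME CERTFILE
xdcr_create_encrypted() {
    if [ "$#" -ne 4 ]; then
        echo "usage: xdcr_create_encrypted LOCAL CLUSTERNAME HOSTNAME CERTFILE" >&2
        return 2
    fi
    if ! is_pem_certificate "$4"; then
        echo "refusing: $4 is not a PEM-encoded certificate" >&2
        return 1
    fi
    # Setting COUCHBASE_CLI=echo gives a dry run that prints the arguments.
    "${COUCHBASE_CLI:-couchbase-cli}" xdcr-setup -c "$1" \
        -u "${LOCAL_USER:?set LOCAL_USER}" -p "${LOCAL_PASS:?set LOCAL_PASS}" \
        --create --xdcr-cluster-name="$2" --xdcr-hostname="$3" \
        --xdcr-username="${REMOTE_USER:?set REMOTE_USER}" \
        --xdcr-password="${REMOTE_PASS:?set REMOTE_PASS}" \
        --xdcr-demand-encryption=1 --xdcr-certificate="$4"
}
```

Run it once with COUCHBASE_CLI=echo to review the exact xdcr-setup arguments before executing against a live cluster.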

To disable XDCR data encryption, execute couchbase-cli xdcr-setup with --xdcr-demand-encryption=0.


couchbase-cli xdcr-setup -c localhost:port -u Administrator -p password \
--create --xdcr-cluster-name=Omaha --xdcr-hostname=HOSTNAME \
--xdcr-username=Peyton --xdcr-password=Manning --xdcr-demand-encryption=0


The following is an example of results for a successful XDCR configuration.

SUCCESS: init/edit test 
<<replication reference created>>