We can authenticate a Couchbase connection in a variety of different ways.
Basic authentication is commonly used for locally hosted development clusters. It's the easiest method for getting started quickly, but it's also not very secure. The benefit of using basic authentication is that there is no additional TLS configuration required when setting up your local Couchbase cluster.
var cluster = await couchbase.connect('couchbase://localhost', {
  username: 'Administrator',
  password: 'password',
})
Note that this connection string begins with couchbase://, denoting a non-TLS connection (think http://).
In certain situations, such as when using Capella, TLS is required. To circumvent the need to download a certificate, the parameter ?tls_verify=none can be passed with the connection string to ignore mismatched certificates.
const cluster = await couchbase.connect('couchbases://' + endpoint + '?tls_verify=none', {
  username: 'Administrator',
  password: 'password'
});
Note that this connection string begins with couchbases://, with the 's' denoting a TLS-secured connection (think https://). This is a great way of connecting for development purposes, but it's important to understand that this method is not recommended for use in production: with verification disabled, the traffic is encrypted but the client does not check that the certificate actually belongs to your cluster.
To properly secure our connection, we'll remove the ?tls_verify=none parameter and instead add a security object that contains a trustStorePath string that locates the root certificate file.
const cluster = await couchbase.connect('couchbases://' + endpoint, {
  username: 'Administrator',
  password: 'password',
  security: {
    trustStorePath: "/path/to/root/certificate.pem"
  }
});
Note that we're still using couchbases:// here. You'll have to download the root certificate file(s). In Capella, this is located at the bottom of the 'Connect' tab for a given cluster.
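One way to keep the development-only settings above from reaching production is a check that runs before couchbase.connect(). This is an added example, not code from the original tutorial or the Couchbase SDK; the function names, finding codes and the cb.example.invalid endpoint are hypothetical.

```javascript
// Added example: audit a Couchbase connection string and options object
// against the three configurations described in this tutorial.
// Finding codes and function names are hypothetical, not SDK API.
function auditConnection(connStr, options = {}) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^?]*)(?:\?(.*))?$/i.exec(connStr);
  if (!m) return ['INVALID_CONNECTION_STRING'];
  const scheme = m[1].toLowerCase();

  // Collect query parameters such as tls_verify=none.
  const params = new Map();
  for (const pair of (m[3] || '').split('&').filter(Boolean)) {
    const [key, value = ''] = pair.split('=');
    params.set(key.toLowerCase(), value.toLowerCase());
  }

  const findings = [];
  const verifyDisabled = params.get('tls_verify') === 'none';
  if (scheme === 'couchbase') findings.push('PLAINTEXT_SCHEME');
  else if (scheme !== 'couchbases') findings.push('UNKNOWN_SCHEME');
  if (verifyDisabled) findings.push('TLS_VERIFY_DISABLED');

  // Assumption taken from this tutorial: the production setup passes the
  // downloaded root certificate through security.trustStorePath.
  const trust = options.security && options.security.trustStorePath;
  if (scheme === 'couchbases' && !verifyDisabled && !trust) {
    findings.push('NO_TRUST_STORE_PATH');
  }

  // The literal sample password from the snippets must not ship.
  if (options.password === 'password') findings.push('SAMPLE_PASSWORD');
  return findings;
}

// Refuse to continue when any finding is present, e.g. at service start-up.
function assertProductionSafe(connStr, options) {
  const findings = auditConnection(connStr, options);
  if (findings.length > 0) {
    throw new Error('Unsafe Couchbase connection settings: ' + findings.join(', '));
  }
  return true;
}
```

Call assertProductionSafe() with the same connection string and options you are about to pass to couchbase.connect() whenever the application runs outside development.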
Hopefully this brief tutorial has shed some light on the various authentication methods you can use with Couchbase. You can always read more in the documentation.
The purpose of this tutorial is to help developers switch from basic authentication and/or ignoring TLS certificates for development to a properly encrypted connection for use in production. This is a really important step toward ensuring your application is safe from bad actors!