Field Level Encryption is available in Couchbase Data Platform 5.5
The Couchbase Node.js SDK uses the node-couchbase-encryption library to provide support for encryption and decryption of JSON fields.
The Couchbase Node.js Field Level Encryption (FLE) uses a list of fields mapped to crypto providers to define which field(s) to apply encryption and which algorithm to use. You must also configure a key store to use with your providers.
var publicKey = '!mysecretkey#9^5usdk39d&dlf)03sL';
var signingKey = 'myauthpassword';
var keyStore = new cbfieldcrypt.InsecureKeyStore();
keyStore.addKey('publickey', publicKey);
keyStore.addKey('mysecret', signingKey);
var personCryptFields = {
password: new cbfieldcrypt.AesCryptoProvider(keyStore, 'publickey', 'mysecret')
};
To apply encryption to an object your writing to Couchbased, use the encrypt function with your provider map. var encryptedTeddy = cbfieldcrypt.encryptFields(teddy, personCryptFields);
bucket.upsert('person::1', encryptedTeddy, function(err, res) {
if (err) {
throw err;
}
// ...
});
To remove encryption from an object which was previously encrypted and stored in Couchbase, use the decrypt
function, again with your provider map.
bucket.get('person::1', function(err, res) {
if (err) {
throw err;
}
var encryptedData = res.value;
var decryptedData =
cbfieldcrypt.decryptFields(encryptedData, personCryptFields);
// ...
});