Skip to content

Doc 13590 mention FLE on encryption page #3951

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: release/8.0
Choose a base branch
from
Open

Doc 13590 mention FLE on encryption page #3951

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
badda01
Initial draft.
ggray-cb Oct 28, 2025
e79f6f3
Added title to note admonition
ggray-cb Oct 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 11 additions & 9 deletions modules/learn/pages/security/encryption-overview.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,19 +73,21 @@ Use OS-level disk encryption::
You can use disk encryption such as the LUKS encrypted filesystem which is available on Linux.
See xref:manage:manage-security/manage-connections-and-disks.adoc#securing-on-disk-data[Securing On-Disk Data].


== System Secrets

Couchbase Server can write passwords, certificates, and other sensitive information to disk in encrypted format.
See xref:manage:manage-security/manage-system-secrets.adoc[Manage System Secrets].

[#encryption-in-applications]
== Encryption in Applications

Applications can use the SDK to store fields in encrypted format.
Use field-level encryption in applications::
Applications can use the SDK to encrypt specific fields.
Depending on your application's requirements, field-level encryption may be more appropriate than encrypting the entire bucket or disk.
See the SDK documentation for your development language for more information.
For example:

+
* Go SDK: xref:go-sdk:howtos:encrypting-using-sdk.adoc[]
* Java SDK: xref:java-sdk:howtos:encrypting-using-sdk.adoc[]
* Python SDK: xref:python-sdk:howtos:encrypting-using-sdk.adoc[]

== System Secrets

Couchbase Server can write passwords, certificates, and other sensitive information to disk in encrypted format.
See xref:manage:manage-security/manage-system-secrets.adoc[Manage System Secrets].


14 changes: 14 additions & 0 deletions modules/learn/pages/security/native-encryption-at-rest-overview.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,20 @@ This feature is transparent to the database's users.
Couchbase Server automatically decrypts data when reading it from disk and encrypts it when writing it to disk.
For steps to take when managing this feature, see xref:manage:manage-security/manage-native-encryption-at-rest.adoc[].

[NOTE]
.Field-Level Encryption in Applications
====
Applications can use the SDK to encrypt specific fields.
Depending on your application's requirements, field-level encryption may be more appropriate than encrypting the entire bucket.
See the SDK documentation for your development language for more information.
For example:

* Go SDK: xref:go-sdk:howtos:encrypting-using-sdk.adoc[]
Copy link
Contributor

@RichardSmedley RichardSmedley Oct 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was going to suggest a concise way of linking to all of the SDKs,
but FLE is, it turns out, currently only implemented in exactly half of them. 🤦

* Java SDK: xref:java-sdk:howtos:encrypting-using-sdk.adoc[]
* Python SDK: xref:python-sdk:howtos:encrypting-using-sdk.adoc[]
====


[#keys]
== Encryption-at-Rest Keys

Expand Down