From badda0184348742e478e140e9deb5b702dac3a42 Mon Sep 17 00:00:00 2001 From: Gary Gray <137797428+ggray-cb@users.noreply.github.com> Date: Tue, 28 Oct 2025 14:42:03 -0400 Subject: [PATCH 1/2] Initial draft. --- .../pages/security/encryption-overview.adoc | 20 ++++++++++--------- .../native-encryption-at-rest-overview.adoc | 13 ++++++++++++ 2 files changed, 24 insertions(+), 9 deletions(-) diff --git a/modules/learn/pages/security/encryption-overview.adoc b/modules/learn/pages/security/encryption-overview.adoc index 9b8242ee72..9cea93b820 100644 --- a/modules/learn/pages/security/encryption-overview.adoc +++ b/modules/learn/pages/security/encryption-overview.adoc @@ -73,19 +73,21 @@ Use OS-level disk encryption:: You can use disk encryption such as the LUKS encrypted filesystem which is available on Linux. See xref:manage:manage-security/manage-connections-and-disks.adoc#securing-on-disk-data[Securing On-Disk Data]. - -== System Secrets - -Couchbase Server can write passwords, certificates, and other sensitive information to disk in encrypted format. -See xref:manage:manage-security/manage-system-secrets.adoc[Manage System Secrets]. - [#encryption-in-applications] -== Encryption in Applications - -Applications can use the SDK to store fields in encrypted format. +Use field-level encryption in applications:: +Applications can use the SDK to encrypt specific fields. +Depending on your application's requirements, field-level encryption may be more appropriate than encrypting the entire bucket or disk. See the SDK documentation for your development language for more information. For example: ++ * Go SDK: xref:go-sdk:howtos:encrypting-using-sdk.adoc[] * Java SDK: xref:java-sdk:howtos:encrypting-using-sdk.adoc[] * Python SDK: xref:python-sdk:howtos:encrypting-using-sdk.adoc[] + +== System Secrets + +Couchbase Server can write passwords, certificates, and other sensitive information to disk in encrypted format. +See xref:manage:manage-security/manage-system-secrets.adoc[Manage System Secrets]. + + diff --git a/modules/learn/pages/security/native-encryption-at-rest-overview.adoc b/modules/learn/pages/security/native-encryption-at-rest-overview.adoc index e7c6b67339..0313620f8f 100644 --- a/modules/learn/pages/security/native-encryption-at-rest-overview.adoc +++ b/modules/learn/pages/security/native-encryption-at-rest-overview.adoc @@ -9,6 +9,19 @@ This feature is transparent to the database's users. Couchbase Server automatically decrypts data when reading it from disk and encrypts it when writing it to disk. For steps to take when managing this feature, see xref:manage:manage-security/manage-native-encryption-at-rest.adoc[]. +[NOTE] +==== +Applications can use the SDK to encrypt specific fields. +Depending on your application's requirements, field-level encryption may be more appropriate than encrypting the entire bucket. +See the SDK documentation for your development language for more information. +For example: + +* Go SDK: xref:go-sdk:howtos:encrypting-using-sdk.adoc[] +* Java SDK: xref:java-sdk:howtos:encrypting-using-sdk.adoc[] +* Python SDK: xref:python-sdk:howtos:encrypting-using-sdk.adoc[] +==== + + [#keys] == Encryption-at-Rest Keys From e79f6f3068c0960ce01b4f97928e8d1275059506 Mon Sep 17 00:00:00 2001 From: Gary Gray <137797428+ggray-cb@users.noreply.github.com> Date: Tue, 28 Oct 2025 14:56:49 -0400 Subject: [PATCH 2/2] Added title to note admonition --- .../learn/pages/security/native-encryption-at-rest-overview.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/learn/pages/security/native-encryption-at-rest-overview.adoc b/modules/learn/pages/security/native-encryption-at-rest-overview.adoc index 0313620f8f..c35357e780 100644 --- a/modules/learn/pages/security/native-encryption-at-rest-overview.adoc +++ b/modules/learn/pages/security/native-encryption-at-rest-overview.adoc @@ -10,6 +10,7 @@ Couchbase Server automatically decrypts data when reading it from disk and encry For steps to take when managing this feature, see xref:manage:manage-security/manage-native-encryption-at-rest.adoc[]. [NOTE] +.Field-Level Encryption in Applications ==== Applications can use the SDK to encrypt specific fields. Depending on your application's requirements, field-level encryption may be more appropriate than encrypting the entire bucket.