{"id":14585,"date":"2023-06-27T12:27:35","date_gmt":"2023-06-27T19:27:35","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=14585"},"modified":"2023-07-12T11:11:06","modified_gmt":"2023-07-12T18:11:06","slug":"hashicorp-vault-with-couchbase-server","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/","title":{"rendered":"HashiCorp Vault with Couchbase Server"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">In today&#8217;s fast-paced world, data security is of utmost importance, especially when dealing with sensitive information. A key component of data security is authentication, which protects data from being stolen. HashiCorp Vault is one of the technologies that can help businesses further secure access to their Couchbase database.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">How can HashiCorp help me to further increase my database security?<\/span><\/p>\n<p><span style=\"font-weight: 400;\">HashiCorp Vault can securely store and manage database credentials, such as usernames and passwords, and dynamically generate new ones when they are needed. This reduces the risk of accidental or intentional credential exposure and makes it easier to revoke or rotate credentials when they are no longer needed.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Vault can also provide detailed audit logs of all database access and credential use, which can help organizations comply with various regulatory requirements and monitor for suspicious activity.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In this tutorial blog post, we will look at how to integrate Couchbase Server with HashiCorp Vault.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Step 1: Setting up Vault<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The first step is to set up a HashiCorp Vault instance. 
You can download the Vault binary from the official website, use a package manager like Homebrew or Chocolatey, or run Vault using Docker. In this blog post we will use Docker to set up the environment.<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Set up the Docker network<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<pre class=\"lang:default decode:true\">docker network create dev_couchbase<\/pre>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Start Vault in a Docker container. To start Vault in developer mode with a root token of <em>password<\/em>, simply use the command below.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<pre class=\"lang:default decode:true\">docker run --cap-add=IPC_LOCK --name=\"couchbase_vault\" --rm \\\n    --network dev_couchbase \\\n    -e VAULT_DEV_ROOT_TOKEN_ID=password \\\n    -e VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200 \\\n    -e VAULT_ADDR=http:\/\/0.0.0.0:8200 \\\n    -p 8200:8200 \\\n    vault server -dev<\/pre>\n<p><span style=\"font-weight: 400;\">The above Docker command starts the Vault server in development mode, which is not recommended for production use. It creates an in-memory data store that is wiped out when the server is shut down.
However, it is perfect for testing purposes.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Vault UI is running at <\/span><a href=\"http:\/\/localhost:8200\"><span style=\"font-weight: 400;\">http:\/\/localhost:8200<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-14587\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/06\/image_2023-06-27_120757460-1024x561.png\" alt=\"\" width=\"900\" height=\"493\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_120757460-1024x561.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_120757460-300x164.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_120757460-768x421.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_120757460.png 1097w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">You can use \u201cpassword\u201d as the token to log in to the Vault UI, since we specified it as the root token.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Step 2: Checking the configuration of Vault<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Once the Vault server is up and running, you need to make sure that the Couchbase database plugin is installed.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Run the following command to check if the plugin is installed:<\/span><\/p>\n<pre class=\"wrap:true lang:default decode:true\">docker exec -it \"couchbase_vault\" \/bin\/ash -c \"vault login password &amp;&amp; vault plugin list\" | grep couchbase<\/pre>\n<p><span style=\"font-weight: 400;\">Please note: in the earlier command, we named the container <em>couchbase_vault<\/em>, so the command above executes vault commands inside the
container running HashiCorp Vault.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The output of this command should list the couchbase plugin:<\/span><\/p>\n<pre class=\"lang:default decode:true \">couchbase-database-plugin\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 database\u00a0 \u00a0 v0.9.0+builtin<\/pre>\n<p><span style=\"font-weight: 400;\">If you would like to experiment with Vault you can use the command below to open a shell inside the container running Vault:<\/span><\/p>\n<pre class=\"lang:default decode:true \">docker exec -it \"couchbase_vault\" \/bin\/ash<\/pre>\n<p><span style=\"font-weight: 400;\">You can authenticate with the root token we set up earlier:<\/span><\/p>\n<pre class=\"lang:default decode:true \">vault login password<\/pre>\n<p><span style=\"font-weight: 400;\">If you are not familiar with Vault make sure you check out the <a href=\"https:\/\/developer.hashicorp.com\/vault\/docs\/commands\">commands documentation<\/a>.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Step 3: Start a demo Couchbase server<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Open a new terminal window and run the following command to start Couchbase:<\/span><\/p>\n<pre class=\"lang:default decode:true\">docker run -it --rm \\\n    --network dev_couchbase \\\n    --name=\"couchbase_main\" \\\n    -e COUCHBASE_USERNAME=Administrator \\\n    -e COUCHBASE_PASSWORD=password \\\n    -w \/opt\/couchbase \\\n    -p 8091-8094:8091-8094 \\\n    -p 11210:11210 \\\n    -p 18091-18094:18091-18094 \\\n    --health-cmd \"curl --fail
http:\/\/localhost:8091\/ui\/index.html || exit 1\" --health-interval=5s --health-timeout=3s --health-retries=10 --health-start-period=5s \\\n    couchbase\/server:7.1.3<\/pre>\n<h2><span style=\"font-weight: 400;\">Step 4: Configure Couchbase Server<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Open a third terminal. We will use this to execute Docker commands to configure Vault and Couchbase in the next steps.<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Initialize our Couchbase cluster<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<pre class=\"lang:default decode:true\" style=\"padding-left: 40px;\">docker exec -it couchbase_main \\\n    .\/bin\/couchbase-cli cluster-init \\\n        -c couchbase:\/\/127.0.0.1 \\\n        --cluster-name couchbase-playground \\\n        --cluster-username Administrator \\\n        --cluster-password password \\\n        --services data,index,query,fts \\\n        --cluster-ramsize 2048 \\\n        --cluster-index-ramsize 512 \\\n        --index-storage-setting default \\\n        --node-to-node-encryption off<\/pre>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Import some sample data<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<pre class=\"lang:default decode:true\">docker exec -it couchbase_main \\\n    curl -v http:\/\/localhost:8091\/sampleBuckets\/install \\\n        -u Administrator:password \\\n        -d '[\"gamesim-sample\",\"travel-sample\", \"beer-sample\"]'<\/pre>\n<p>It is time to
inspect our cluster using the UI. You can open the <a href=\"http:\/\/localhost:8091\">console<\/a> at <a href=\"http:\/\/localhost:8091\">http:\/\/localhost:8091<\/a> and use <span style=\"font-weight: 400;\"><em>Administrator<\/em> as the username and <em>password<\/em> as the password to log in.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-14588\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/06\/image_2023-06-27_121050788-1024x351.png\" alt=\"\" width=\"900\" height=\"308\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_121050788-1024x351.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_121050788-300x103.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_121050788-768x263.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_121050788.png 1176w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<h2><span style=\"font-weight: 400;\">Step 5: Creating a Couchbase Server user<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Now that Vault is configured and Couchbase Server is running, we need to create a Couchbase user.
This user will be used by the Couchbase Vault plugin to access Couchbase Server and to create users on demand.<\/span><\/p>\n<pre class=\"lang:default decode:true\">docker exec -it couchbase_main \\\n    .\/bin\/couchbase-cli user-manage \\\n        --cluster http:\/\/127.0.0.1 \\\n        --username Administrator \\\n        --password password \\\n        --set \\\n        --rbac-username couchbase-vault-user \\\n        --rbac-password password \\\n        --roles admin \\\n        --auth-domain local<\/pre>\n<p>Once the user is created, it will show up as a user in the UI as well:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-14589\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/06\/image_2023-06-27_121122322-1024x446.png\" alt=\"\" width=\"900\" height=\"392\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_121122322-1024x446.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_121122322-300x131.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_121122322-768x335.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_121122322.png 1179w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<h2><span style=\"font-weight: 400;\">Step 6: Integrating Vault and Couchbase Server<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Now that both Vault and Couchbase Server are configured, we need to integrate them.
Follow these steps:<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enable Vault&#8217;s database engine<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<pre class=\"wrap:true lang:default decode:true\">docker exec -it \"couchbase_vault\" \/bin\/ash -c \"vault login password &amp;&amp; vault secrets enable database\"<\/pre>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Initialize the Couchbase Server plugin<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<pre class=\"wrap:true lang:default decode:true\">docker exec -it \"couchbase_vault\" \/bin\/ash -c 'PEM=$(wget -O - http:\/\/Administrator:password@couchbase_main:8091\/pools\/default\/certificate|base64 -w0) &amp;&amp; vault login password &amp;&amp; vault write database\/config\/demo-db plugin_name=\"couchbase-database-plugin\" hosts=\"couchbases:\/\/couchbase_main\" username=couchbase-vault-user password=password tls=true insecure_tls=true base64pem=${PEM} allowed_roles=*'<\/pre>\n<p><span style=\"font-weight: 400;\">Let me explain the command above in a little more detail.<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Using <em>wget<\/em>, we download the certificate from Couchbase Server, as we need it later on.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Log in to Vault with <\/span><span style=\"font-weight: 400;\"><em>vault login<\/em>.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Create a <em>demo-db<\/em> configuration using the <em>couchbase-database-plugin<\/em>.
We need to specify our Couchbase server and a user (<em>couchbase-vault-user<\/em>) to connect to it.<\/span><\/li>\n<\/ol>\n<p><b>Please note:<\/b><span style=\"font-weight: 400;\"> we specified <em>allowed_roles<\/em> to be <em>*<\/em>, which is not recommended in production as it will permit the creation of a Couchbase user with any available roles.<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Rotate the password of the Couchbase user<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Since we used a very insecure password to set up the connection between Couchbase Server and Vault, it is important to change the password by executing the command below:<\/span><\/p>\n<pre class=\"wrap:true lang:default decode:true\">docker exec -it \"couchbase_vault\" \/bin\/ash -c \"vault login password &amp;&amp; vault write -f database\/rotate-root\/demo-db\"<\/pre>\n<p><span style=\"font-weight: 400;\">Let&#8217;s validate that the password has indeed been changed. We can do this by trying to log in as <em>couchbase-vault-user<\/em> using the Couchbase UI.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You should see the error message <em>Login failed<\/em>.
This confirms that Vault was able to rotate the password of the user that Vault uses to talk to Couchbase Server:<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-14590\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/06\/image_2023-06-27_121250835-1024x616.png\" alt=\"\" width=\"900\" height=\"541\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_121250835-1024x616.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_121250835-300x181.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_121250835-768x462.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_121250835.png 1181w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<h2><span style=\"font-weight: 400;\">Step 7: Create a demo Vault policy<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Finally, we need to create a Vault policy. Use the command <em>vault policy<\/em>. This policy will be used to create new users in Couchbase.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The command below will create a HashiCorp Vault role that can create users with the <em>ro_admin<\/em> role in Couchbase.<\/span><\/p>\n<pre class=\"wrap:true lang:default decode:true\">docker exec -it \"couchbase_vault\" \/bin\/ash -c 'vault login password &amp;&amp; vault write database\/roles\/couchbase-ro-admin-role db_name=demo-db default_ttl=\"5m\" max_ttl=\"1h\" creation_statements='\\''{\"roles\":[{\"role\":\"ro_admin\"}]}'\\'''<\/pre>\n<h2><span style=\"font-weight: 400;\">Step 8: Testing the Integration<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Now that the integration is complete, we can test it.
Follow these steps:<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Create a user<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<pre class=\"wrap:true lang:default decode:true\">docker exec -it \"couchbase_vault\" \/bin\/ash -c \"vault login password &amp;&amp; vault read database\/creds\/couchbase-ro-admin-role\"<\/pre>\n<p><span style=\"font-weight: 400;\">If everything is configured properly, you should see a new user created like the one below:<\/span><\/p>\n<pre class=\"lang:default decode:true\">Key\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Value\r\n---\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 -----\r\nlease_id \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 database\/creds\/couchbase-ro-admin-role\/8EeLw4eerXDMeMZuG37wgBxA\r\nlease_duration \u00a0 \u00a0 5m\r\nlease_renewable\u00a0 \u00a0 true\r\npassword \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 ujkm5Da-BrG-WcOJLEdQ\r\nusername \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 V_TOKEN_COUCHBASE-RO-ADMIN-ROLE_ZAIDHM1UCOED9XDSTECN_1686320194<\/pre>\n<p><span style=\"font-weight: 400;\">You can now use this user to log into Couchbase or use the UI to see if the user indeed exists:<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-14591\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/06\/image_2023-06-27_121358651-1024x431.png\" alt=\"\" width=\"900\" height=\"379\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_121358651-1024x431.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_121358651-300x126.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_121358651-768x324.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/image_2023-06-27_121358651.png 1182w\" sizes=\"auto, (max-width:
900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Please note: This user has a five-minute lease. If you wait five minutes, the user will be deprovisioned by Vault automatically. You can use Vault to extend the lease or to create a new user. For further information consult <\/span><a href=\"https:\/\/developer.hashicorp.com\/vault\/docs\/secrets\/databases\/couchbase\"><span style=\"font-weight: 400;\">Vault&#8217;s documentation<\/span><\/a>.<\/p>\n<h2><span style=\"font-weight: 400;\">Conclusion<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Integrating Couchbase Server with HashiCorp Vault is a great way to secure access to your data. In this blog post, we have seen how to do just that. By following the steps outlined above, you can easily integrate Couchbase Server with HashiCorp Vault.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Keep in mind that the steps we&#8217;ve outlined are intended solely for testing and demonstrations. For secure production deployments, adhering to industry best practices is paramount. Ensuring that both your Vault and Couchbase server are appropriately configured and fortified falls beyond the scope of this article, and we strongly advise following the recommended practices for each.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are a few things to consider when you create user accounts in Couchbase. User creation is asynchronous in ns_server: a new user is immediately available only on the node where the request was made and is then created on the other nodes asynchronously. As an example, if you were to create a user every minute and delete it, you would reach 525600 deleted users in a year which is still safe for many years.
Just keep in mind that creating millions of users could have an impact on your cluster\u2019s user creation performance and creating many millions of users is beyond anything we have tested so far.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In today&#8217;s fast-paced world, data security is of utmost importance, especially when dealing with sensitive information. A key component of data security is authentication, which protects data from being stolen. HashiCorp Vault is one of the technologies that can help [&hellip;]<\/p>\n","protected":false},"author":84313,"featured_media":14592,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1815,1816,1813,2201],"tags":[9337,1519,9705],"ppma_author":[9812],"class_list":["post-14585","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-best-practices-and-tutorials","category-couchbase-server","category-security","category-tools-sdks","tag-application-development","tag-docker","tag-hashicorp-vault"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.8 (Yoast SEO v25.8) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>HashiCorp Vault with Couchbase Server - The Couchbase Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HashiCorp Vault with Couchbase Server\" \/>\n<meta property=\"og:description\" content=\"In today&#8217;s fast-paced world, data security is of utmost importance, especially when dealing with sensitive information. 
A key component of data security is authentication, which protects data from being stolen. HashiCorp Vault is one of the technologies that can help [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-06-27T19:27:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-12T18:11:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/06\/hashicorp-vault-couchbase-scott-webb-unsplash-scaled-e1687893872126.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1764\" \/>\n\t<meta property=\"og:image:height\" content=\"1126\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Istvan Orban\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Istvan Orban\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/\"},\"author\":{\"name\":\"Istvan Orban, Principal Product Manager\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/da80693db66ef61daaabe98bc56afc26\"},\"headline\":\"HashiCorp Vault with Couchbase Server\",\"datePublished\":\"2023-06-27T19:27:35+00:00\",\"dateModified\":\"2023-07-12T18:11:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/\"},\"wordCount\":1148,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/hashicorp-vault-couchbase-scott-webb-unsplash-scaled-e1687893872126.jpg\",\"keywords\":[\"application development\",\"docker\",\"hashicorp vault\"],\"articleSection\":[\"Best Practices and Tutorials\",\"Couchbase Server\",\"Security\",\"Tools &amp; SDKs\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/\",\"name\":\"HashiCorp Vault with Couchbase Server - The Couchbase 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/hashicorp-vault-couchbase-scott-webb-unsplash-scaled-e1687893872126.jpg\",\"datePublished\":\"2023-06-27T19:27:35+00:00\",\"dateModified\":\"2023-07-12T18:11:06+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/hashicorp-vault-couchbase-scott-webb-unsplash-scaled-e1687893872126.jpg\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/hashicorp-vault-couchbase-scott-webb-unsplash-scaled-e1687893872126.jpg\",\"width\":1764,\"height\":1126},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HashiCorp Vault with Couchbase Server\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL 
Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/da80693db66ef61daaabe98bc56afc26\",\"name\":\"Istvan Orban, Principal Product Manager\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/c873b4cba9199faca7f2d3db2f443f81\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png\",\"caption\":\"Istvan Orban, Principal Product Manager\"},\"description\":\"Istvan Orban is the Principal Product Manager for Couchbase and lives in the United Kingdom. Istvan has a wide range of experience as a Full stack Software Engineer, Team leader and Devops Engineer. His main focus is security and Single Sign On. 
Istvan has led several large scale projects of his 20 year professional career.\",\"url\":\"https:\/\/www.couchbase.com\/blog\/author\/istvanorban\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"HashiCorp Vault with Couchbase Server - The Couchbase Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/","og_locale":"en_US","og_type":"article","og_title":"HashiCorp Vault with Couchbase Server","og_description":"In today&#8217;s fast-paced world, data security is of utmost importance, especially when dealing with sensitive information. A key component of data security is authentication, which protects data from being stolen. HashiCorp Vault is one of the technologies that can help [&hellip;]","og_url":"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/","og_site_name":"The Couchbase Blog","article_published_time":"2023-06-27T19:27:35+00:00","article_modified_time":"2023-07-12T18:11:06+00:00","og_image":[{"width":1764,"height":1126,"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/06\/hashicorp-vault-couchbase-scott-webb-unsplash-scaled-e1687893872126.jpg","type":"image\/jpeg"}],"author":"Istvan Orban","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Istvan Orban","Est. 
reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/"},"author":{"name":"Istvan Orban, Principal Product Manager","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/da80693db66ef61daaabe98bc56afc26"},"headline":"HashiCorp Vault with Couchbase Server","datePublished":"2023-06-27T19:27:35+00:00","dateModified":"2023-07-12T18:11:06+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/"},"wordCount":1148,"commentCount":0,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/hashicorp-vault-couchbase-scott-webb-unsplash-scaled-e1687893872126.jpg","keywords":["application development","docker","hashicorp vault"],"articleSection":["Best Practices and Tutorials","Couchbase Server","Security","Tools &amp; SDKs"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/","url":"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/","name":"HashiCorp Vault with Couchbase Server - The Couchbase 
Blog","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/hashicorp-vault-couchbase-scott-webb-unsplash-scaled-e1687893872126.jpg","datePublished":"2023-06-27T19:27:35+00:00","dateModified":"2023-07-12T18:11:06+00:00","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/hashicorp-vault-couchbase-scott-webb-unsplash-scaled-e1687893872126.jpg","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/06\/hashicorp-vault-couchbase-scott-webb-unsplash-scaled-e1687893872126.jpg","width":1764,"height":1126},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/hashicorp-vault-with-couchbase-server\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"HashiCorp Vault with Couchbase Server"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"The Couchbase Blog","description":"Couchbase, the NoSQL 
Database","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"The Couchbase Blog","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/da80693db66ef61daaabe98bc56afc26","name":"Istvan Orban, Principal Product Manager","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/c873b4cba9199faca7f2d3db2f443f81","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png","caption":"Istvan Orban, Principal Product Manager"},"description":"Istvan Orban is the Principal Product Manager for Couchbase and lives in the United Kingdom. Istvan has a wide range of experience as a Full stack Software Engineer, Team leader and Devops Engineer. His main focus is security and Single Sign On. 
Istvan has led several large scale projects of his 20 year professional career.","url":"https:\/\/www.couchbase.com\/blog\/author\/istvanorban\/"}]}},"authors":[{"term_id":9812,"user_id":84313,"is_guest":0,"slug":"istvanorban","display_name":"Istvan Orban","avatar_url":{"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png","url2x":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png"},"author_category":"","last_name":"Orban","first_name":"Istvan","job_title":"","user_url":"","description":"Istvan Orban is the Principal Product Manager for Couchbase and lives in the United Kingdom. Istvan has a wide range of experience as a Full stack Software Engineer, Team leader and Devops Engineer. His main focus is security and Single Sign On. Istvan has led several large scale projects of his 20 year professional career."}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/14585","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/users\/84313"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/comments?post=14585"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/14585\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media\/14592"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media?parent=14585"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/categories?post=14585"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/
blog\/wp-json\/wp\/v2\/tags?post=14585"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=14585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}