How do you allow ip address on Couchbase server

Hi ! I went through the doc and wasn’t able to figure out how to allow a certain IP address or put policies on IPs on the Couchbase server I instanciated on my VM.
The idea is to connect from my computer to the server on the VM and simply run a SDK script with the connection tools and creating an ETL process for the data I have on the server. I understand how this is done on Capella and I would also want to know if there was a couchbase capella command from commandline to do this.

Thanks a lot for your answer !

In the past, I used this code for using the Capella API. I haven’t used it for some time. Here I use it to get the endpoint.

import static;
import static java.nio.charset.StandardCharsets.UTF_8;

import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.tls.HandshakeCertificates;

import java.time.Duration;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

import com.couchbase.client.core.env.IoConfig;
import com.couchbase.client.core.env.SecurityConfig;
import com.fasterxml.jackson.databind.ObjectMapper;

 * Sample code for connecting to Capella through both the control-plane and the data-plane. An Access Key and a Secret
 * Key are required and a bucket named "my_bucket" on the 'last' cluster. <br>
 * 1) Create a cluster that has data, index and query nodes. <br>
 * 2) Cluster -> Connectivity : allow your client ip address (or all ip address 0/<br>
 * 3) Create a user "user" in the cluster with password "Couch0base!" and Read/Write access to all buckets <br>
 * 4) Create a bucket named "my_bucket" <br>
 * 5) Get your access key from API Keys. The secret key is available only when the key is generated. If you have not
 * saved it, then generate a new key and save the secret key. <br>
public class CapellaConnectSample {

	static final String cbc_access_key = "3gcpgyTBzOetdXXXXOAtmLYBe3f9ZSVN"; // replace with your access key and...
	static final String cbc_secret_key = "PWiACuJIZUlv0fCZaIQbhIZZZZXVZCDdRBbpdaWlACioN7jkuOINCUVrU2QL1jVO"; // secret key
	// Update this to your cluster
	static String bucketName = "my_bucket";
	static String username = "user";
	static String password = "mYpAsSwD";
	// User Input ends here.

	static final String hostname = "";
	static final HandshakeCertificates clientCertificates = new HandshakeCertificates.Builder()
	static final OkHttpClient httpClient = new OkHttpClient.Builder()
			.sslSocketFactory(clientCertificates.sslSocketFactory(), clientCertificates.trustManager()).build();

	protected static final ObjectMapper MAPPER = new ObjectMapper();
	static final String authorizationHeaderLabel = "Authorization";
	static final String timestampHeaderLabel = "Couchbase-Timestamp";

	public static void main(String... args) {
		String endpoint = null; // "";
		List<String> clusterIds = getClustersControlPlane();
		// the following loop assumes that the desired cluster is the last one in the list.
		// If this is not the case, then the endpoint for the desired cluster must be selected.
		for (String id : clusterIds) {
			endpoint = getClusterControlPlane(id);

		ClusterEnvironment env = ClusterEnvironment.builder()

		// Initialize the Connection
		Cluster cluster = Cluster.connect(endpoint, ClusterOptions.clusterOptions(username, password).environment(env));
		Bucket bucket = cluster.bucket(bucketName);
		Collection collection = bucket.defaultCollection();


		// Create a JSON Document
		JsonObject arthur = JsonObject.create().put("name", "Arthur").put("email", "")
				.put("interests", JsonArray.from("Holy Grail", "African Swallows"));

		// Store the Document
		collection.upsert("u:king_arthur", arthur);

		// Load the Document and print it
		// Prints Content and Metadata of the stored Document

		// Perform a N1QL Query
		QueryResult result = cluster.query(String.format("SELECT name FROM `%s` WHERE $1 IN interests", bucketName),
				queryOptions().parameters(JsonArray.from("African Swallows")));

		// Print each found Row
		for (JsonObject row : result.rowsAsObject()) {


	public static List<String> getClustersControlPlane() {
		List<String> clusterIds = new ArrayList<>();
		Map<String, Object> decoded = doRequest(hostname, "GET", "/v3/clusters");
		HashMap data = (HashMap) decoded.get("data");
		List<Map> items = (List<Map>) data.get("items");
		for (Map m : items) {
			clusterIds.add((String) m.get("id"));
		return clusterIds;

	// the methods below are required only to get the endpoint (host)

	public static String getClusterControlPlane(String clusterId) {
		String endpointsSrv;
		Map<String, Object> decoded = doRequest(hostname, "GET", "/v3/clusters/" + clusterId);
		endpointsSrv = (String) decoded.get("endpointsSrv");
		return endpointsSrv;

	private static Map<String, Object> doRequest(String hostname, String cbc_api_method, String cbc_api_endpoint) {
		Map<String, Object> decoded;
		String responseString;
		try {
			String cbc_api_now = Long.toString(System.currentTimeMillis());
			String authorizationValue = getApiSignature(cbc_api_method, cbc_api_endpoint, cbc_api_now);
			String urlString = "https://" + hostname + cbc_api_endpoint;
			System.err.println("curl --header \"" + authorizationHeaderLabel + ": " + authorizationValue + "\" --header \""
					+ timestampHeaderLabel + ": " + cbc_api_now + "\" " + urlString);
			Response response = httpClient.newCall(new Request.Builder().header(authorizationHeaderLabel, authorizationValue)
					.header(timestampHeaderLabel, cbc_api_now).url(urlString).build()).execute();
			responseString = response.body().string();
		} catch (IOException | NoSuchAlgorithmException | InvalidKeyException e) {
			throw new RuntimeException(e);

		try {
			decoded = (Map<String, Object>) MAPPER.readValue(responseString.getBytes(UTF_8), Map.class);
		} catch (IOException e) {
			throw new RuntimeException("Error decoding, raw: " + responseString, e);
		return decoded;

	private static String getApiSignature(String cbc_api_method, String cbc_api_endpoint, String cbc_api_now)
			throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeyException {
		String cbc_api_message = cbc_api_method + '\n' + cbc_api_endpoint + '\n' + cbc_api_now;
		return "Bearer " + cbc_access_key + ':' + new String(Base64.getEncoder()
				.encode(hmac("hmacSHA256", cbc_secret_key.getBytes("utf-8"), cbc_api_message.getBytes("utf-8"))));

	static byte[] hmac(String algorithm, byte[] key, byte[] message)
			throws NoSuchAlgorithmException, InvalidKeyException {
		Mac mac = Mac.getInstance(algorithm);
		mac.init(new SecretKeySpec(key, algorithm));
		return mac.doFinal(message);