Managing Secrets in Couchbase 4.6

Blog post from Couchbase

Post Details
Author: Ritam Sharma, Senior Manager Quality Engineering, Couchbase
Word Count: 570
Language: English
Summary

Couchbase 4.6 introduces a feature for managing secrets: secrets are stored encrypted and can be rotated easily, without impacting SDK clients or performance. The system uses a two-level key hierarchy, which allows the master password to be rotated, supports multiple master passwords, and makes it easier to integrate with other systems such as KMIP servers. Keys are generated with a strong key derivation function (KDF), and encryption uses AES-256 in GCM mode. Secrets at different levels of the key hierarchy can be rotated periodically or after a breach, using either the REST API or CLI commands. The system provides auditing for all rotations and for the setting of master passwords. The post includes a sample setup that shows how to configure a server with a master password using the CLI on Ubuntu 14.
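
The two-level hierarchy described in the summary, as an added Node.js sketch that is not Couchbase's code or on-disk format. The use of scrypt as the KDF, the blob layout, and all function names are assumptions made for illustration.

```javascript
// Added sketch of a two-level key hierarchy; not Couchbase's code or on-disk format.
const nodeCrypto = require('node:crypto');

// AES-256-GCM. Blob layout (constructed for this sketch): iv(12) | tag(16) | ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or the blob was modified.
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Level 1: master password -> key-encryption key. scrypt is an assumed KDF choice.
const deriveKek = (password, salt) => nodeCrypto.scryptSync(password, salt, 32);

function wrap(password, dataKey) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, wrappedDataKey: seal(deriveKek(password, salt), dataKey) };
}
const createStore = (password) => wrap(password, nodeCrypto.randomBytes(32));
const unwrapDataKey = (store, password) =>
  open(deriveKek(password, store.salt), store.wrappedDataKey);

// Level 2: secrets are encrypted under the data key, never under the password.
const encryptSecret = (store, password, secret) =>
  seal(unwrapDataKey(store, password), Buffer.from(secret, 'utf8'));
const decryptSecret = (store, password, blob) =>
  open(unwrapDataKey(store, password), blob).toString('utf8');

// Master password rotation re-wraps only the data key; secret blobs are untouched.
const rotateMasterPassword = (store, oldPw, newPw) =>
  wrap(newPw, unwrapDataKey(store, oldPw));

// Data key rotation re-encrypts every secret under a fresh key.
function rotateDataKey(store, password, blobs) {
  const oldKey = unwrapDataKey(store, password);
  const newKey = nodeCrypto.randomBytes(32);
  return { store: wrap(password, newKey),
           blobs: blobs.map((b) => seal(newKey, open(oldKey, b))) };
}
```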