Couchbase supports node-to-node encryption, which encrypts network traffic between individual nodes and multiple Couchbase services deployed on those nodes, enabling compliance with privacy regulations like HIPAA. The cluster encryption level can be set to three different values: Control, All, or Strict, controlling the level of encryption applied to connections within the cluster. To enable node-to-node encryption, users must disable auto-failover, then use specific commands to set the cluster encryption level and verify its success. Disabling node-to-node encryption involves changing the cluster encryption level back to Control and disabling it through the CLI or REST API. Additionally, when securing a server with X509 certificates, node-to-node encryption must be disabled before uploading or rotating certificates, and re-enabled afterwards. The extra secure communication comes at an added performance cost due to the encryption overhead.