Hiding cbbackup credentials


#1

In Couchbase 5, it is necessary to set a username/password on the buckets in order to read from them remotely.

Is there any existing way to hide cbbackup credentials from the command line? The reason being, they will appear in the process list and therefore in the server logs as I run it via docker.

Having them appear in the process list is insecure. If they could be brought in by environment variables or read from a file, that would be a major improvement and very easy to implement.

Also, it seems necessary to make the backup user have full admin access to a bucket in order to back it up. Are there any plans afoot to change that or provide more fine-grained control of access?


#2

Hello @Matthew_Hook,

Is there any existing way to hide cbbackup credentials from the command line? The reason being, they will appear in the process list and therefore in the server logs as I run it via docker.

Having them appear in the process list is insecure. If they could be brought in by environment variables or read from a file, that would be a major improvement and very easy to implement.

The following environment variables can be used, as noted in the manual pages and the documentation:

ENVIRONMENT AND CONFIGURATION VARIABLES
       CB_CLUSTER
           Specifies the hostname of the Couchbase cluster to connect to. If
           the hostname is supplied as a command line argument then this value
           is overridden.

       CB_USERNAME
           Specifies the username for authentication to a Couchbase cluster.
           If the username is supplied as a command line argument then this
           value is overridden.

       CB_PASSWORD
           Specifies the password for authentication to a Couchbase cluster.
           If the password is supplied as a command line argument then this
           value is overridden.

       CB_ARCHIVE_PATH
           Specifies the path to the backup archive. If the archive path is
           supplied as a command line argument then this value is overridden.

Also, it seems necessary to make the backup user have full admin access to a bucket in order to back it up.

There is a Data Backup role:

Given the nature of backing up and restoring, it does require a lot of permissions to do the job.

Are there any plans afoot to change that or provide more fine-grained control of access?

Out of interest, what permission would you like the backup role to be restricted to?

One option I can think of is to have two roles, a backup_role and a restore_role, where the backup_role is limited to read_only access.
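
An added example, not part of the original thread and not Couchbase's own code: a POSIX shell wrapper that loads the `CB_USERNAME` and `CB_PASSWORD` variables from the manual excerpt above out of a mode-600 file, and refuses to start the backup command if the password still appears in its arguments. The two-line file layout and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: keep Couchbase backup credentials out of argv.
# Assumed file layout: line 1 = username, line 2 = password.

# load_cb_credentials FILE: export CB_USERNAME / CB_PASSWORD from FILE.
load_cb_credentials() {
    cred_file=$1
    [ -f "$cred_file" ] || { echo "no credentials file: $cred_file" >&2; return 1; }
    # Refuse a file that group or others can read (GNU stat, then BSD stat).
    mode=$(stat -c '%a' "$cred_file" 2>/dev/null || stat -f '%Lp' "$cred_file")
    case "$mode" in
        600|400) ;;
        *) echo "refusing $cred_file: mode $mode, want 600 or 400" >&2; return 1 ;;
    esac
    # The last line may lack a trailing newline, so accept a non-empty partial read.
    { IFS= read -r CB_USERNAME &&
      { IFS= read -r CB_PASSWORD || [ -n "$CB_PASSWORD" ]; }; } < "$cred_file" ||
        { echo "need username and password lines in $cred_file" >&2; return 1; }
    [ -n "$CB_USERNAME" ] && [ -n "$CB_PASSWORD" ] ||
        { echo "empty username or password in $cred_file" >&2; return 1; }
    export CB_USERNAME CB_PASSWORD
}

# argv_is_clean ARGS...: succeed only if no argument contains the password.
argv_is_clean() {
    for arg in "$@"; do
        case "$arg" in
            *"$CB_PASSWORD"*) return 1 ;;
        esac
    done
    return 0
}

# run_backup FILE COMMAND [ARGS...]: run COMMAND with credentials in the
# environment only. COMMAND is the backup tool plus its non-secret arguments.
run_backup() {
    cred_file=$1; shift
    load_cb_credentials "$cred_file" || return 1
    argv_is_clean "$@" || { echo "password present in arguments" >&2; return 1; }
    "$@"
}
```

Environment variables stay readable by the same user and by root through `/proc/<pid>/environ`, and values passed with `docker run -e` are shown by `docker inspect`. Mounting the credentials file into the container and loading it there keeps the password out of both the process list and the container configuration.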