Hello. So my understanding is that in order to encrypt by field, I’d need to do so using the SDK by using Java SDK version 3.0.5 or later, and by importing the Java Couchbase Encryption library version 3.0.0 or later. Is this all that is required, or will I also need to upgrade to the enterprise edition of Couchbase?
Also, what sort of performance impact might I see by implementing this FLE? Are there any metrics available anywhere?
Hi @GBarr ,
will I also need to upgrade to the enterprise edition of Couchbase?
You can develop using Community Edition, but you’ll need to upgrade to Enterprise Edition before deploying to production, since the Field-Level Encryption library is released under the terms of the Couchbase Enterprise Subscription License Agreement. If that’s something you’d like to pursue, sending a sales inquiry is one way to get in touch with the sales team.
what sort of performance impact might I see by implementing this FLE? Are there any metrics available anywhere?
Encryption is CPU-intensive, so a measurable performance hit is to be expected. I’m not aware of any formal benchmarks, but I will let the performance team know this is a common request.
If it helps to answer your question, I wrote a simple single-threaded ad-hoc benchmark with warmup and aggregation over a hundred thousand iterations. Using the FLE library’s
AEAD_AES_256_CBC_HMAC_SHA512 algorithm, my laptop with a 2.5 GHz Intel Core i7 can encrypt 32-byte fields at a rate of ~100,000 ops/sec, and 1024-byte fields at a rate of ~50,000 ops/sec. Looking at it another way, encryption added ~10 microseconds of overhead for a 32-byte field, and ~20 microseconds of overhead for a 1024-byte field.
Please take these numbers with a grain of salt, since your production hardware no doubt has different performance characteristics. As always, the most reliable way to determine the impact would be to measure using representative field values on the actual hardware.