CouchDB

Enclave supports CouchDB 2 Databases. Currently, clustering (i.e. master-master) is not available, but you configure set up peer-to-peer replication (i.e. master-slave) if you’d like.

Logging in to the CouchDB interface (Fauxton)

To maximize security, Enclave enables authentication in CouchDB, and requires valid users. While this is unquestionably a security best practice, a side effect of requiring authentication in CouchDB is that you can’t access the management interface.

Indeed, if you navigate to the management interface on a CouchDB Database where authentication is enabled, you won’t be served login form… because any request, including one for the login form, requires authentication! (more on the CouchDB Blog).

That said, you can easily work around this. Here’s how. When you access your CouchDB Database (either through a Database Endpoint or through a Database Tunnel), open your browser’s console, and run the following code. Make sure to replace USERNAME and PASSWORD on the last line with the actual username and password from your Database Credentials.

This code will log you in, then redirect you to Fauxton, the CouchDB management interface.

(function(name, password) {
  // Don't use a relative URL in fetch: if the user accessed the page by
  // setting a username and password in the URL, that would fail (in fact, it
  // will break Fauxton as well).
  var rootUrl = window.location.href.split('/').slice(0, 3).join('/');
  var basic = btoa(`${name}:${password}`);

  window.fetch(rootUrl + '/_session', {
    method: 'POST',
    credentials: 'include',
    headers: {
      'Content-Type': 'application/json',
      Authorization: `Basic ${basic}`
    },
    body: JSON.stringify({ name, password })
  })
  .then((r) => {
    if (r.status === 200) {
      return window.location.href = rootUrl + '/_utils/';
    }
    return r.text().then(t => {
      throw new Error(t);
    });
  })
  .catch(e => {
    console.log(`login failed: ${e}`);
  });
})('USERNAME', 'PASSWORD');

Connection Security

Enclave CouchDB Databases support connections via the following protocol:

  • For CouchDB version 2.1: TLSv1.2