Creating regular users in CouchDB

Solution 1:

First you put the user in _users database. The ID of the document must be org.couchdb.user:username, e.g.

With CouchDB 1.2.0 or later use this:

{
    "_id": "org.couchdb.user:dbreader",
    "name": "dbreader",
    "type": "user",
    "roles": [],
    "password": "plaintext_password"
}

CouchDB will hash & salt the password for you on the server side and save the values in the fields password_sha and salt (see below).

With CouchDB < 1.2.0 the user document needs to look like this:

{
    "_id": "org.couchdb.user:dbreader",
    "name": "dbreader",
    "type": "user",
    "roles": [],
    "salt": "54935938852dd34f92c672ab31e397cedaf0946d",
    "password_sha": "42253ea4461a604f967813aaff90b139d7018806"
}

Note that CouchDB 1.3.0 and later will use PBKDF2 instead of aha & salt for hashing the password.

Then you can create per database authentication by creating document with id _security in specific database which is not versioned, e.g.

{
    "admins": {
        "names": ["dbadmin"],
        "roles": ["editor"]
    },
    "readers": {
        "names": ["dbreader"],
        "roles": ["reader"]
    }
}

This means that there are 2 users in _users besides the admin dbadmin and dbreader. That should do in case you are too lazy to read the document that has already been suggested.

Solution 2:

The CouchDB documentation has a short article about the security features of CouchDB, and it includes a section on how to create a new user.