Replace mkpasswd with natscli (#223)

With mkpasswd now gone from nats-server, this change replaces instances of mkpasswd with the new official natscli tool.
2025-01-18 04:03:23 -08:00 · 2021-02-17 13:59:12 -08:00 · 2021-02-17 13:59:12 -08:00 · 3f01c728c1
commit 3f01c728c1
parent d3dd6913fc
8 changed files with 81 additions and 68 deletions
--- a/SUMMARY.md
+++ b/SUMMARY.md
@ -111,7 +111,7 @@
 ## NATS Tools

 * [Introduction](nats-tools/nats-tools.md)
-* [mkpasswd](nats-tools/mkpasswd.md)
+* [nats](nats-tools/natscli.md)
 * [nk](nats-tools/nk.md)
 * [nsc](nats-tools/nsc/README.md)
  * [Basics](nats-tools/nsc/nsc.md)
--- a/developing-with-nats/security/userpass.md
+++ b/developing-with-nats/security/userpass.md
@ -6,12 +6,14 @@ For this example, start the server using:
 > nats-server --user myname --pass password
 ```

-You can encrypt passwords to pass to `nats-server` using a simple [tool](../../nats-tools/mkpasswd.md) provided by the server:
+You can encrypt passwords to pass to `nats-server` using a simple [tool](../../nats-tools/natscli.md):

 ```bash
-> go run mkpasswd.go -p
-> password: password
-> bcrypt hash: $2a$11$1oJy/wZYNTxr9jNwMNwS3eUGhBpHT3On8CL9o7ey89mpgo88VG6ba
+> nats server passwd
+? Enter password [? for help] **********************
+? Reenter password [? for help] **********************
+
+$2a$11$qbtrnb0mSG2eV55xoyPqHOZx/lLBlryHRhU3LK2oOPFRwGF/5rtGK
 ```

 and use the hashed password in the server config. The client still uses the plain text version.
--- a/docs/nats_tools/README.md
+++ b/docs/nats_tools/README.md
@ -2,7 +2,7 @@

 The NATS Ecosystem has many tools to support server configuration, enhance monitoring or tune performance:

- [mkpasswd](nats_tools/mkpasswd.md) - Generates or bcrypts passwords
+- [nats](nats_tools/natscli.md) - Interact with and manage NATS
 - [nk](nats_tools/nk.md) - Generate NKeys
 - [nsc](nats_tools/nsc/README.md) - Configure Operators, Accounts and Users
 - [nats account server](nats_tools/nas/README.md) - Serve Account JWTs
--- a/nats-server/configuration/securing_nats/auth_intro/tokens.md
+++ b/nats-server/configuration/securing_nats/auth_intro/tokens.md
@ -29,12 +29,14 @@ Listening on [>]

 Tokens can be bcrypted enabling an additional layer of security, as the clear-text version of the token would not be persisted on the server configuration file.

-You can generate bcrypted tokens and passwords using the [`mkpasswd`](../../../../nats-tools/mkpasswd.md) tool:
+You can generate bcrypted tokens and passwords using the [`nats`](../../../../nats-tools/natscli.md) tool:

 ```text
-> mkpasswd
-pass: dag0HTXl4RGg7dXdaJwbC8
-bcrypt hash: $2a$11$PWIFAL8RsWyGI3jVZtO9Nu8.6jOxzxfZo7c/W0eLk017hjgUKWrhy
+> nats server passwd
+? Enter password [? for help] **********************
+? Reenter password [? for help] **********************
+
+$2a$11$PWIFAL8RsWyGI3jVZtO9Nu8.6jOxzxfZo7c/W0eLk017hjgUKWrhy
 ```

 Here's a simple configuration file:
--- a/nats-server/configuration/securing_nats/auth_intro/username_password.md
+++ b/nats-server/configuration/securing_nats/auth_intro/username_password.md
@ -30,12 +30,14 @@ authorization: {

 ## Bcrypted Passwords

-Username/password also supports bcrypted passwords using the [`mkpasswd`](../../../../nats-tools/mkpasswd.md) tool. Simply replace the clear text password with the bcrypted entries:
+Username/password also supports bcrypted passwords using the [`nats`](../../../../nats-tools/natscli.md) tool. Simply replace the clear text password with the bcrypted entries:

 ```text
-> mkpasswd
-pass: (Uffs#rG42PAu#Oxi^BNng
-bcrypt hash: $2a$11$V1qrpBt8/SLfEBr4NJq4T.2mg8chx8.MTblUiTBOLV3MKDeAy.f7u
+> nats server passwd
+? Enter password [? for help] **********************
+? Reenter password [? for help] **********************
+
+$2a$11$V1qrpBt8/SLfEBr4NJq4T.2mg8chx8.MTblUiTBOLV3MKDeAy.f7u
 ```

 And on the configuration file:
--- a/nats-tools/mkpasswd.md
+++ b/nats-tools/mkpasswd.md
@ -1,52 +0,0 @@
-# mkpasswd
-
-The server supports hashing of passwords and authentication tokens using `bcrypt`. To take advantage of this, simply replace the plaintext password in the configuration with its `bcrypt` hash, and the server will automatically utilize `bcrypt` as needed.
-
-A utility for creating `bcrypt` hashes is included with the nats-server distribution \(`util/mkpasswd.go`\). Running it with no arguments will generate a new secure password along with the associated hash. This can be used for a password or a token in the configuration.
-
-## Installing `mkpasswd`
-
-If you have [go installed](https://golang.org/doc/install), you can easily install the `mkpasswd` tool by doing:
-
-```text
-go get github.com/nats-io/nats-server/util/mkpasswd
-```
-
-Alternatively, you can:
-
-```text
-git clone git@github.com:nats-io/nats-server
-cd nats-server/util/mkpasswd
-go install mkpasswd.go
-```
-
-## Generating bcrypted passwords
-
-With `mkpasswd` installed:
-
-```text
-> mkpasswd
-pass: #IclkRPHUpsTmACWzmIGXr
-bcrypt hash: $2a$11$3kIDaCxw.Glsl1.u5nKa6eUnNDLV5HV9tIuUp7EHhMt6Nm9myW1aS
-```
-
-If you already have a password selected, you can supply the `-p` flag on the command line, enter your desired password, and a `bcrypt` hash will be generated for it:
-
-```text
-> mkpasswd -p
-Enter Password: *******
-Reenter Password: ******
-bcrypt hash: $2a$11$3kIDaCxw.Glsl1.u5nKa6eUnNDLV5HV9tIuUp7EHhMt6Nm9myW1aS
-```
-
-To use the password on the server, add the hash into the server configuration file's authorization section.
-
-```text
-  authorization {
-    user: derek
-    password: $2a$11$3kIDaCxw.Glsl1.u5nKa6eUnNDLV5HV9tIuUp7EHhMt6Nm9myW1aS
-  }
-```
-
-Note the client will still have to provide the plain text version of the password, the server however will only store the hash to verify that the password is correct when supplied.
-
--- a/nats-tools/nats-tools.md
+++ b/nats-tools/nats-tools.md
@ -2,7 +2,7 @@

 The NATS Ecosystem has many tools to support server configuration, enhance monitoring or tune performance:

-* [mkpasswd](mkpasswd.md) - Generates or bcrypts passwords
+* [nats](natscli.md) - Interact with and manage NATS
 * [nk](nk.md) - Generate NKeys
 * [nsc](nsc/) - Configure Operators, Accounts and Users
 * [nats account server](nas/) - Serve Account JWTs
--- a/nats-tools/natscli.md
+++ b/nats-tools/natscli.md
@ -0,0 +1,59 @@
+# natscli
+
+A command line utility to interact with and manage NATS.
+
+This utility replaces various past tools that were named in the form `nats-sub` and `nats-pub`, adds several new capabilities and support full JetStream management.
+
+Check out the repo for more details: [github.com/nats-io/natscli](https://github.com/nats-io/natscli).
+
+## Installing `nats`
+
+For macOS:
+
+```
+> brew tap nats-io/nats-tools
+> brew install nats-io/nats-tools/nats
+```
+
+For Arch Linux:
+
+```
+> yay natscli
+```
+
+For Docker:
+
+```
+docker pull synadia/nats-box:latest
+
+docker run -ti synadia/nats-box
+```
+
+Binaries are also available as [GitHub Releases](https://github.com/nats-io/natscli/releases).
+
+## Generating bcrypted passwords
+
+The server supports hashing of passwords and authentication tokens using `bcrypt`. To take advantage of this, simply replace the plaintext password in the configuration with its `bcrypt` hash, and the server will automatically utilize `bcrypt` as needed.
+
+The `nats` utility has a command for creating `bcrypt` hashes. This can be used for a password or a token in the configuration.
+
+With `nats` installed:
+
+```plain
+> nats server passwd
+? Enter password [? for help] **********************
+? Reenter password [? for help] **********************
+
+$2a$11$3kIDaCxw.Glsl1.u5nKa6eUnNDLV5HV9tIuUp7EHhMt6Nm9myW1aS
+```
+
+To use the password on the server, add the hash into the server configuration file's authorization section.
+
+```
+  authorization {
+    user: derek
+    password: $2a$11$3kIDaCxw.Glsl1.u5nKa6eUnNDLV5HV9tIuUp7EHhMt6Nm9myW1aS
+  }
+```
+
+Note the client will still have to provide the plain text version of the password, the server however will only store the hash to verify that the password is correct when supplied.