From cad86516abe8d5ed6618c50d15046164c425189e Mon Sep 17 00:00:00 2001 From: Stephen Asbury Date: Wed, 29 May 2019 14:13:05 -0700 Subject: [PATCH] Added doc on replication and activation tokens. --- nats_tools/nas/README.md | 3 +++ nats_tools/nas/nas_conf.md | 8 ++------ 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/nats_tools/nas/README.md b/nats_tools/nas/README.md index fc48e78..2f036be 100644 --- a/nats_tools/nas/README.md +++ b/nats_tools/nas/README.md @@ -8,6 +8,9 @@ The [NATS Account Server](https://github.com/nats-io/nats-account-server) is an The server can operate in a _READ ONLY_ mode where it serves content from a directory, or in notification mode, where it can notify a NATS server that JWT in the store have been modified, updating the NATS server with the updated JWT. +The server supports replica mode, which allows load balancing, fault tolerance and geographic distribution of servers. Replicas are read-only and copy JWTs from the primary based on cache invalidation or NATS notifications. + +The account server can host activation tokens as well as account JWTs. These tokens are used when one account needs to give permission to another account to access a private export. Tokens can be configured as full tokens, or URLs. By hosting them in the account server you can avoid the copy/paste process of embedding tokens. They can also be updated more easily on expiration. ### Memory Resolver diff --git a/nats_tools/nas/nas_conf.md b/nats_tools/nas/nas_conf.md index ff88e71..e9953f5 100644 --- a/nats_tools/nas/nas_conf.md +++ b/nats_tools/nas/nas_conf.md 
@@ -108,7 +108,8 @@ Let's take a look at the configuration options: | `operatorjwtpath` | The path to an operator JWT. Required for non-read-only servers. Only JWTs signed by the operator (or one of it's signing keys) are accepted. | | `store` | A `store` configuration block specifying store options. | | `systemaccountjwtpath` | Path to an Account JWT that should be returned as the system account. | - +| `primary` | URL for the primary, `protocol://host:port`. | +| `replicationtimeout` | Timeout, in milliseconds, used by the replica when talking to the primary, defaults to `5000`. | #### `store` Configuration @@ -157,8 +158,3 @@ Let's take a look at the configuration options: | `root` | filepath to the CA certificate. | | `cert` | filepath to the certificate. | | `cert` | filepath to the certificate key. | - - - - -
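Review bot: In the nats_tools/nas/README.md hunk (@@ -8,6 +8,9 @@), the new activation-token paragraph says tokens "can be configured as full tokens, or URLs" but does not say where that is configured or who can fetch a hosted token. Because these tokens give another account access to a private export, please add a sentence stating whether the account server serves them without authentication and whether TLS is expected, and link to the section that shows the URL form. The replica paragraph in the same hunk never says how a server becomes a replica; a pointer to the `primary` option added in nas_conf.md would close that gap.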
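Review bot: In the first nats_tools/nas/nas_conf.md hunk (@@ -108,7 +108,8 @@), the `primary` row gives only the URL shape `protocol://host:port` and does not state whether setting it is what makes the server a replica, or which protocols are accepted. Since the replica copies JWTs from that URL, the row should say whether `https` is supported and which TLS settings apply to the connection. The `replicationtimeout` row could also say what the replica does when the timeout expires. As a style point, both rows are appended after `systemaccountjwtpath`, while the visible rows (`operatorjwtpath`, `store`, `systemaccountjwtpath`) are in alphabetical order; placing them before `store` would keep the table sorted.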
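Review bot: In the second nats_tools/nas/nas_conf.md hunk (@@ -157,8 +158,3 @@), the unchanged context rows list `cert` twice, and the second is described as "filepath to the certificate key", so the option name in that row looks wrong. The change here only trims trailing blank lines, but since it touches the end of this table, please correct that row's name in this patch or a follow-up so readers do not set the certificate path twice and leave the key unset.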