From 1560ea008977b4415e12612200bd3047936aa085 Mon Sep 17 00:00:00 2001 From: Ivan Kozlovic Date: Thu, 8 Oct 2020 16:39:49 -0600 Subject: [PATCH 1/2] Streaming: added new auth configuration Document the new configuration fields: username, password, token and nkey_seed_file. Relates to: https://github.com/nats-io/nats-streaming-server/pull/1100 https://github.com/nats-io/nats-streaming-server/pull/1101 and will be available in the new Streaming release (v0.19.0) --- nats-streaming-server/configuring/cfgfile.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/nats-streaming-server/configuring/cfgfile.md b/nats-streaming-server/configuring/cfgfile.md index e26e162..e082071 100644 --- a/nats-streaming-server/configuring/cfgfile.md +++ b/nats-streaming-server/configuring/cfgfile.md 
@@ -74,6 +74,19 @@ In general the configuration parameters are the same as the command line argumen | encryption\_cipher | Cipher to use for encryption. Currently support AES and CHAHA \(ChaChaPoly\). Defaults to AES | `AES` or `CHACHA` | `encryption_cipher: "AES"` | Depends on platform | | encryption\_key | Encryption key. It is recommended to specify the key through the `NATS_STREAMING_ENCRYPTION_KEY` environment variable instead | String | `encryption_key: "mykey"` | N/A | | credentials | Credentials file to connect to external NATS 2.0+ Server | String | `credentials: "streaming_server.creds"` | N/A | +| username | Username to use to connect to NATS Server when authentication with multiple users is enabled | String | `username: "streaming_server"` | N/A | +| password | Password for the above with `username` | String | `password: "password"` | N/A | +| token | Authentication token if the NATS Server requires a token | String | `token: "some_token"` | N/A | +| nkey_seed_file | Path to a NKey seed file (1) if NKey authentication is used | File Path | `nkey_seed_file: "/path/to/some/seedfile"` | N/A | + +Notes: + +(1) The seed file contains the NKey seed from which the streaming server can extract the public key and the private key used to sign the nonce sent by the NATS Server when accepting connections from the Streaming server. The file is read during the connection process and the key is used to sign but then wiped from memory. The file must contain the seed file with such format: +``` +-----BEGIN USER NKEY SEED----- +SU +------END USER NKEY SEED------ +``` ## TLS Configuration From 70e7f16ffce273a787d9935f4f459a9944aa6719 Mon Sep 17 00:00:00 2001 From: Ginger Collison Date: Fri, 9 Oct 2020 09:35:29 -0500 Subject: [PATCH 2/2] syntax changes --- nats-streaming-server/configuring/cfgfile.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/nats-streaming-server/configuring/cfgfile.md b/nats-streaming-server/configuring/cfgfile.md index e082071..8d9d76e 100644 --- a/nats-streaming-server/configuring/cfgfile.md +++ b/nats-streaming-server/configuring/cfgfile.md 
@@ -74,14 +74,14 @@ In general the configuration parameters are the same as the command line argumen | encryption\_cipher | Cipher to use for encryption. Currently support AES and CHAHA \(ChaChaPoly\). Defaults to AES | `AES` or `CHACHA` | `encryption_cipher: "AES"` | Depends on platform | | encryption\_key | Encryption key. It is recommended to specify the key through the `NATS_STREAMING_ENCRYPTION_KEY` environment variable instead | String | `encryption_key: "mykey"` | N/A | | credentials | Credentials file to connect to external NATS 2.0+ Server | String | `credentials: "streaming_server.creds"` | N/A | -| username | Username to use to connect to NATS Server when authentication with multiple users is enabled | String | `username: "streaming_server"` | N/A | -| password | Password for the above with `username` | String | `password: "password"` | N/A | +| username | Username is used to connect to a NATS Server when authentication with multiple users is enabled | String | `username: "streaming_server"` | N/A | +| password | Password used with above `username` | String | `password: "password"` | N/A | | token | Authentication token if the NATS Server requires a token | String | `token: "some_token"` | N/A | -| nkey_seed_file | Path to a NKey seed file (1) if NKey authentication is used | File Path | `nkey_seed_file: "/path/to/some/seedfile"` | N/A | +| nkey_seed_file | Path to an NKey seed file (1) if NKey authentication is used | File Path | `nkey_seed_file: "/path/to/some/seedfile"` | N/A | Notes: -(1) The seed file contains the NKey seed from which the streaming server can extract the public key and the private key used to sign the nonce sent by the NATS Server when accepting connections from the Streaming server. The file is read during the connection process and the key is used to sign but then wiped from memory. 
The file must contain the seed file with such format: +(1) The seed file contains the NKey seed from which the Streaming server can extract the public key and the private key used to sign the nonce sent by the NATS Server when accepting connections from the Streaming server. The file is read during the connection process, the key is used to sign but then wiped from memory. The file must contain the seed file with the following format: ``` -----BEGIN USER NKEY SEED----- SU
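Review bot: In [PATCH 1/2], the added `password` and `token` rows document secrets kept in the configuration file but give no handling guidance, while the `encryption_key` row just above them recommends supplying the key through an environment variable instead. Suggest adding a sentence on restricting read access to the configuration file and to the file named by `nkey_seed_file`, since note (1) explains that the seed yields the private key used to sign the nonce. Smaller points in the same hunk: note (1) says "The file must contain the seed file with such format", where "must contain the seed in the following format" is meant; `nkey_seed_file` is written without the `\_` escaping used by the neighbouring `encryption\_cipher` and `encryption\_key` rows; and the sample shows five dashes around BEGIN but six around END, so if that asymmetry is intentional the note should say so, to keep readers from normalising it.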
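Review bot: In [PATCH 2/2], the rewritten note (1) swaps "and the key is used to sign" for a comma and leaves a comma splice: "The file is read during the connection process, the key is used to sign but then wiped from memory." Suggest "The file is read during the connection process; the key is used to sign and is then wiped from memory." The same added line still says "The file must contain the seed file", where "the seed" is meant. In the table, "Password used with above `username`" is missing "the", and `nkey_seed_file` remains unescaped unlike `encryption\_key`. Since this patch is a syntax pass, the unchanged context row "Currently support AES and CHAHA" could be fixed at the same time ("supports", "CHACHA").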