Username/Password

You can authenticate one or more clients using username and passwords; this enables you to have greater control over the management and issuance of credential secrets.

For a single user:

  1. authorization: {
  2.     user: a,
  3.     password: b
  4. }

You can also specify a single username/password by:

  1. > nats-server --user a --pass b

For multiple users:

  1. authorization: {
  2.     users: [
  3.         {user: a, password: b},
  4.         {user: b, password: a}
  5.     ]
  6. }

Bcrypted Passwords

Username/password also supports bcrypted passwords using the nats tool. Simply replace the clear text password with the bcrypted entries:

  1. > nats server passwd
  2. ? Enter password [? for help] **********************
  3. ? Reenter password [? for help] **********************
  5. $2a$11$V1qrpBt8/SLfEBr4NJq4T.2mg8chx8.MTblUiTBOLV3MKDeAy.f7u

And on the configuration file:

  1. authorization: {
  2.     users: [
  3.         {user: a, password: "$2a$11$V1qrpBt8/SLfEBr4NJq4T.2mg8chx8.MTblUiTBOLV3MKDeAy.f7u"},
  4.         ...
  5.     ]
  6. }

Reloading a Configuration

As you add/remove passwords from the server configuration file, you’ll want your changes to take effect. To reload without restarting the server and disconnecting clients, do:

  1. > nats-server --signal reload