Memory Resolver Tutorial

The MEMORY resolver is a server built-in resolver for account JWTs. If there are a small number of accounts, or they do not change too often this can be a simpler configuration that does not require an external account resolver. Server configuration reload is supported, meaning the preloads can be updated in the server configuration and reloaded without a server restart.

The basic configuration for the server requires:

  • The operator JWT
  • resolver set to MEMORY
  • resolver_preload set to an object where account public keys are mapped to account JWTs.

Create Required Entities

Let’s create the setup:

  1. > nsc add operator -n memory
  2. Generated operator key - private key stored "~/.nkeys/memory/memory.nk"
  3. Success! - added operator "memory"
  5. > nsc add account --name A
  6. Generated account key - private key stored "~/.nkeys/memory/accounts/A/A.nk"
  7. Success! - added account "A"
  9. > nsc describe account -W
  10. ╭──────────────────────────────────────────────────────────────────────────────────────╮
  11.                                    Account Details                                    
  12. ├───────────────────────────┬──────────────────────────────────────────────────────────┤
  13.  Name                       A                                                        
  14.  Account ID                 ACSU3Q6LTLBVLGAQUONAGXJHVNWGSKKAUA7IY5TB4Z7PLEKSR5O6JTGR 
  15.  Issuer ID                  ODWZJ2KAPF76WOWMPCJF6BY4QIPLTUIY4JIBLU4K3YDG3GHIWBVWBHUZ 
  16.  Issued                     2019-04-30 20:21:34 UTC                                  
  17.  Expires                                                                             
  18. ├───────────────────────────┼──────────────────────────────────────────────────────────┤
  19.  Max Connections            Unlimited                                                
  20.  Max Leaf Node Connections  Unlimited                                                
  21.  Max Data                   Unlimited                                                
  22.  Max Exports                Unlimited                                                
  23.  Max Imports                Unlimited                                                
  24.  Max Msg Payload            Unlimited                                                
  25.  Max Subscriptions          Unlimited                                                
  26.  Exports Allows Wildcards   True                                                     
  27. ├───────────────────────────┼──────────────────────────────────────────────────────────┤
  28.  Imports                    None                                                     
  29.  Exports                    None                                                     
  30. ╰───────────────────────────┴──────────────────────────────────────────────────────────╯
  32. > nsc add user --name TA
  33. Generated user key - private key stored "~/.nkeys/memory/accounts/A/users/TA.nk"
  34. Generated user creds file "~/.nkeys/memory/accounts/A/users/TA.creds"
  35. Success! - added user "TA" to "A"

Create the Server Config

The nsc tool can generate a configuration file automatically. You provide a path to the server configuration. The nsc tool will generate the server config for you:

  1. > nsc generate config --mem-resolver --config-file /tmp/server.conf 
  2. Success!! - generated "/tmp/server.conf"

If you require additional settings, you may want to consider using include in your main configuration, to reference the generated files. Otherwise, you can start a server and reference the generated configuration:

  1. > nats-server -c /tmp/server.conf

You can then test it.

Manual Server Config

While generating a configuration file is easy, you may want to craft one by hand to know the details. With the entities created, and a standard location for the .nsc directory. You can reference the operator JWT and the account JWT in a server configuration or the JWT string directly. Remember that your configuration will be in $NSC_HOME/nats/<operator_name>/<operator_name>.jwt for the operator. The account JWT will be in $NSC_HOME/nats/<operator_name>/accounts/<account_name>/<account_name>.jwt

For the configuration you’ll need:

  • The path to the operator JWT
  • A copy of the contents of the account JWT file

The format of the file is:

  1. operator: <path to the operator jwt or jwt itself>
  2. resolver: MEMORY
  3. resolver_preload: {
  4.     <public key for an account>: <contents of the account jwt>
  5.     ### add as many accounts as you want
  6.     ...
  7. }

In this example this translates to:

  1. operator: /Users/synadia/.nsc/nats/memory/memory.jwt
  2. resolver: MEMORY
  3. resolver_preload: {
  4. ACSU3Q6LTLBVLGAQUONAGXJHVNWGSKKAUA7IY5TB4Z7PLEKSR5O6JTGR: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJPRFhJSVI2Wlg1Q1AzMlFJTFczWFBENEtTSDYzUFNNSEZHUkpaT05DR1RLVVBISlRLQ0JBIiwiaWF0IjoxNTU2NjU1Njk0LCJpc3MiOiJPRFdaSjJLQVBGNzZXT1dNUENKRjZCWTRRSVBMVFVJWTRKSUJMVTRLM1lERzNHSElXQlZXQkhVWiIsIm5hbWUiOiJBIiwic3ViIjoiQUNTVTNRNkxUTEJWTEdBUVVPTkFHWEpIVk5XR1NLS0FVQTdJWTVUQjRaN1BMRUtTUjVPNkpUR1IiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0._WW5C1triCh8a4jhyBxEZZP8RJ17pINS8qLzz-01o6zbz1uZfTOJGvwSTS6Yv2_849B9iUXSd-8kp1iMXHdoBA
  5. }

Save the config at server.conf and start the server:

  1. > nats-server -c server.conf

You can then test it.

Testing the Configuration

To test the configuration, simply use one of the standard tools:

  1. > nats-pub -creds ~/.nkeys/creds/memory/accounts/A/TA.creds hello world
  2. Published [hello] : 'world'