NATS Docs
NATS.ioTwitterSlackGitHub
Search…
Welcome
Release Notes
What's New!
NATS Concepts
Overview
What is NATS
Subject-Based Messaging
Core NATS
JetStream
Subject Mapping and Partitioning
NATS Service Infrastructure
Security
Connectivity
Using NATS
NATS Tools
nats
nk
nsc
nats-top
Developing With NATS
Running a NATS service
Installing, running and deploying a NATS Server
Environmental considerations
NATS and Docker
NATS and Kubernetes
NATS Server Clients
Configuring NATS Server
Managing and Monitoring your NATS Server Infrastructure
Reference
FAQ
NATS Protocols
Legacy
STAN aka 'NATS Streaming'
nats-account-server
Powered By GitBook
nk
nk is a command line tool that generates nkeys. NKeys are a highly secure public-key signature system based on Ed25519.
With NKeys the server can verify identity without ever storing secrets on the server. The authentication system works by requiring a connecting client to provide its public key and digitally sign a challenge with its private key. The server generates a random challenge with every connection request, making it immune to playback attacks. The generated signature is validated a public key, thus proving the identity of the client. If the public key validation succeeds, authentication succeeds.
NKey is an awesome replacement for token authentication, because a connecting client will have to prove it controls the private key for the authorized public key.

Installing nk

To get started with NKeys, you’ll need the nk tool from https://github.com/nats-io/nkeys/tree/master/nk repository. If you have go installed, enter the following at a command prompt:
go get github.com/nats-io/nkeys/nk

Generating NKeys and Configuring the Server

To generate a User NKEY:
nk -gen user -pubout
SUACSSL3UAHUDXKFSNVUZRF5UHPMWZ6BFDTJ7M6USDXIEDNPPQYYYCU3VY
UDXU4RCSJNZOIQHZNWXHXORDPRTGNJAHAHFRGZNEEJCPQTT2M7NLCNF4
The first output line starts with the letter S for Seed. The second letter U stands for User. Seeds are private keys; you should treat them as secrets and guard them with care.
The second line starts with the letter U for User, and is a public key which can be safely shared.
Previous
nats bench
Next
nsc
Last modified 3mo ago
Export as PDF
Copy link
Edit on GitHub
Outline
Installing nk
Generating NKeys and Configuring the Server