# Enable the NATS secrets engine
vault secrets enable nats
# An operator will be created by default.
# The operator's NKey seed can be overridden
vault write nats/operator nkey=$(nk -gen operator)
# Get the operator's public key and a JWT signed
# by the private key. This can be used as the root
# JWT for a NATS cluster
vault read nats/operator
# Create / update a NATS account. The JWT for the
# account will be signed using the corresponding
# mount's operator private key.
vault write nats/accounts/SYS nkey=$(nk -gen account)
# Get an account's JWT and public key. This can be used
# to back an account JWT service
vault read nats/accounts/SYS
# Generate user credentials for the specified account. The credentials
# will expire after 15m (overridable using the ttl and max_ttl fields)
# and follow the normal semantics for vault secret leases.
vault read nats/accounts/SYS/user-creds
-
Notifications
You must be signed in to change notification settings - Fork 0
A vault secrets engine for storing NATS NKeys
License
egoodhall/vault-secrets-engine-nats
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
About
A vault secrets engine for storing NATS NKeys