Skip to content

Securing


TLS

The SEAL NATS server can use TLS semantics to encrypt client, route, and monitoring connections. To enable TLS encryption follow these steps:

  1. Open the /opt/seal/etc/nats.conf configuraton file.

  2. Uncomment the following section:

    # TLS configuration
    # tls: {
    #     cert_file: "./cert.pem"
    #     key_file: "./key.pem"
    # }
    
  3. Insert the paths to certificate and key files.

    # TLS configuration
    tls: {
        cert_file: "/opt/seal/etc/tls-external/cert.pem"
        key_file: "/opt/seal/etc/tls-external/key.pem"
    }
    
  4. Save the file.

  5. Restart the service.

    sudo systemctl restart seal-nats
    

Token Authentication

Client connections can also get secured by token authentication. To use this method follow these steps:

  1. Open the /opt/seal/etc/nats.conf configuration file.

  2. Uncomment the following section:

    # Secure connection with token
    authorization {
        token: "unsecure_token"
    }
    
  3. Provide a secure token.

    Example - authorization

    # Secure connection with token
    authorization {
        token: "G!(<TyIxhB.r^/yLYj;d)+c@g;!9vFn"
    }
    
  4. Save the file.

  5. Restart the service.

    sudo systemctl restart seal-nats
    

Back to top