Skip to content

Securing

TLS

The SEAL NATS server can use TLS semantics to encrypt client, route, and monitoring connections. To enable TLS encryption follow these steps:

  1. Open the /opt/seal/etc/nats.conf configuraton file.

  2. Uncomment the following section:

    # TLS configuration
# tls: {
#     cert_file: "./cert.pem"
#     key_file: "./key.pem"
# }

  3. Insert the paths to certificate and key files.

    # TLS configuration
tls: {
    cert_file: "/opt/seal/etc/tls-external/cert.pem"
    key_file: "/opt/seal/etc/tls-external/key.pem"
}

  4. Save the file.

  5. Restart the service.

    sudo systemctl restart seal-nats

Token Authentication

Client connections can also get secured by token authentication. To use this method follow these steps:

  1. Open the /opt/seal/etc/nats.conf configuration file.

  2. Uncomment the following section:

    # Secure connection with token
authorization {
    token: "unsecure_token"
}

  3. Provide a secure token.

    Example - authorization

    # Secure connection with token
authorization {
    token: "G!(<TyIxhB.r^/yLYj;d)+c@g;!9vFn"
}

  4. Save the file.

  5. Restart the service.

    sudo systemctl restart seal-nats
Back to top