[nats] [nack] accounts vs authorization vs .creds, sensitive data not in secrets

[artiommocrenco]

What version were you using?

1.1.11

What environment was the server running in?

k8s

Is this defect reproducible?

yes

Given the capability you are leveraging, describe your expectation?

I would expect there to be a documented way to configure everything related to passwords using kubernetes secrets

Given the expectation, what is the defect you are observing?

I am observing lack of documentation on the topic (accounts vs authorization) and lack of possibility to use kubernetes secrets

[artiommocrenco]

I am observing that accounts has effect on the /etc/nats-config/nats.conf file, while /etc/nats/nats-server.conf still has this:

  authorization {
    user: ruser
    password: T0pS3cr3t
    timeout: 2
  }

[artiommocrenco]

more confusion arises when trying to configure jetstream controller which asks for some .creds file

[artiommocrenco]

I figured it out yesterday, posting in case someone else has similar issues.

/etc/nats/nats-server.conf may have no effect at all as it is not being read by nats in this case.

accounts is for multi-tenancy (see NATS docs). So I ended up using authorization

For nack, .creds file is not required: one can specify username & password in the URI. This, however, makes it hard to use kubernetes secrets.