Managed Operators
Accounts, as represented by their JWTs, are signed by the operator. Some operators may use local copies of JWTs; others may use the nats-account-server to manage their JWTs. Synadia uses a custom server for their JWTs that works similarly to the open-sourced account server.
There are a few special commands when dealing with server-based operators:
- Account JWTs can be pulled from a server using `nsc pull`
For managed operators this push/pull behavior is built into `nsc`. Each time you edit your account JWT, `nsc` will push the change to a managed operator’s server and pull the signed response. If this fails, the JWT on disk may not match the value on the server. You can always push or pull the account again without editing it. Note: push only works if the operator JWT was configured with an account server URL.
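To see what such a mismatch looks like, the following added example (not part of the original page or of `nsc`) compares an on-disk account JWT with the server's copy by decoding their claims. It assumes the `sub`, `iss`, `iat` and `nats` claim names used in NATS account JWTs and does not verify signatures; the tokens and keys are constructed placeholders.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_token(claims: dict) -> str:
    """Build a CONSTRUCTED, unsigned sample token (placeholder signature)."""
    header = {"typ": "JWT", "alg": "ed25519-nkey"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()), "c2ln"])

def decode_claims(token: str) -> dict:
    """Decode the claims segment of a JWT without verifying the signature."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.claims.signature")
    seg = parts[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def jwt_drift(disk: str, server: str) -> list:
    """List how the on-disk account JWT differs from the server's copy."""
    if disk.strip() == server.strip():
        return []
    d, s = decode_claims(disk), decode_claims(server)
    if d.get("sub") != s.get("sub"):
        return ["sub differs: these are JWTs for different accounts"]
    findings = []
    if d.get("iss") != s.get("iss"):
        findings.append("iss differs: copies were signed by different keys")
    if d.get("nats") != s.get("nats"):
        findings.append("nats differs: account settings are out of sync")
    d_iat, s_iat = d.get("iat", 0), s.get("iat", 0)
    if d_iat > s_iat:
        findings.append("disk copy is newer: push the account again")
    elif d_iat < s_iat:
        findings.append("server copy is newer: pull the account again")
    return findings or ["claims match but the encoded tokens differ"]

# Constructed sample claims; the keys are placeholders, not real nkeys.
SERVER = make_token({"sub": "A_ACCOUNT_PLACEHOLDER", "iss": "O_OPERATOR_PLACEHOLDER",
                     "iat": 1700000000, "nats": {"limits": {"conn": 10}}})
DISK = make_token({"sub": "A_ACCOUNT_PLACEHOLDER", "iss": "O_OPERATOR_PLACEHOLDER",
                   "iat": 1700000600, "nats": {"limits": {"conn": 50}}})

if __name__ == "__main__":
    for finding in jwt_drift(DISK, SERVER):
        print(finding)
```

An empty result means the two copies are byte-identical; any finding means a push or pull should be repeated before relying on the account's settings.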
To start using a managed operator you need to tell `nsc` about it. There are a couple of ways to do this. First, you can manually tell `nsc` to download the operator JWT using the `add operator` command:
The URL you pass in should be provided to you by the operator. The second way to add a managed operator is with the `init` command:
or
Once you add a managed operator you can add accounts to it normally, with the caveat that new accounts are pushed and pulled as described above.
To define a well known operator, you would tell `nsc` about an operator that you want people in your environment to use by name with a simple environment variable of the form `nsc_<operator name>_operator`. The value of this environment variable should be the URL for getting the operator JWT. For example:
will tell `nsc` that there is a well known operator named zoom with its JWT at `https://account-server-host/jwt/v1/operator`. With this definition you can now use the `-u` flag with the name “zoom” to add the operator to an `nsc` store directory.
You can also set one or more service URLs. These allow the `nsc tool` actions like pub and sub to work. For example:
nsc tool pub hello world