NATS Permissions
Subject and Account Requirements
NATS NKey hierarchies can be complex, and their structure varies depending on isolation requirements. In a system where Wasm components from multiple tenants are executing such that they are isolated from the control plane but not from each other, the following structure is recommended:
- 1 operator key (optionally signed with another operator key)
- 1 account key per tenant, signed with the above operator key
- 1 user key for wasmCloud Control Operations
- 1 user key for wasmCloud RPC Operations

RPC User Permissions
User RPC keys need to be given access to the following subjects:
Component RPC Access
- {lattice}.{component_id}.wrpc.>
  - Example: default.http-client.wrpc.>
- Recommended: To permit all traffic in a single lattice: default.*.wrpc.>
- Optional: To permit all traffic to all lattices: *.*.wrpc.>
  - Example:

Control User Permissions
The wasmCloud control user key should have access to the following subjects:
Core Control Interface
- wasmbus.ctl.{version}.{lattice}.{noun}.{verb}.{optional_name}
  - Example: wasmbus.ctl.>
- Control interface operations can be further restricted by specifying the operation, version, lattice, noun, verb, or host ID.
  - Example:

Event Publishing
- wasmbus.evt.*.* - For publishing cloud events

wadm API Access
- wadm.> - For wadm API access, command and event publishing

Provider Communication
- wasmbus.rpc.> - For communicating with capability providers

Optional Extension Subjects
The following subjects are required for optional wasmCloud features:
Configuration Services
- wasmbus.cfg.> - For communicating with configuration services

Policy Engines
- wasmcloud.policy - For communicating with policy engines

Secrets Backends
- wasmcloud.secrets.> - For communicating with secrets backends

Security Recommendations
- Use separate credentials for RPC and control interface connections in production environments
- Enable TLS on NATS servers to prevent eavesdropping
- Principle of least privilege: grant only the minimum required subject access
- Regular key rotation following your organization's security policies
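As an added example (not code from the wasmCloud project or this page), the following Python script applies NATS subject-matching rules to audit the RPC and control allow-lists above for least privilege: it confirms an RPC user can reach its own lattice's wrpc subjects and cannot reach control-plane subjects. The lattice name "default" and the concrete subject suffixes are constructed samples.

```python
# Added example (not from the wasmCloud project or this page): audit a NATS
# user's allow-list against the subjects it must reach and those it must not.
# NATS pattern rules: '*' matches exactly one token, '>' (last token only)
# matches one or more trailing tokens.

def subject_matches(pattern: str, subject: str) -> bool:
    """Return True if the NATS subject is covered by the permission pattern."""
    p_tokens = pattern.split(".")
    s_tokens = subject.split(".")
    for i, p in enumerate(p_tokens):
        if p == ">":
            # '>' is only valid as the final token and needs >= 1 token after it
            return i == len(p_tokens) - 1 and len(s_tokens) > i
        if i >= len(s_tokens):
            return False
        if p != "*" and p != s_tokens[i]:
            return False
    return len(p_tokens) == len(s_tokens)


def allowed(allow_list: list[str], subject: str) -> bool:
    """True if any pattern in the allow-list covers the subject."""
    return any(subject_matches(p, subject) for p in allow_list)


def audit(allow_list: list[str], required: list[str], forbidden: list[str]) -> dict:
    """Report required subjects the list misses and forbidden ones it leaks."""
    return {
        "missing": [s for s in required if not allowed(allow_list, s)],
        "leaked": [s for s in forbidden if allowed(allow_list, s)],
    }


# Allow-lists built from this page's recommendations; lattice "default" and the
# concrete subject suffixes below are constructed samples, not real deployments.
RPC_USER_ALLOW = ["default.*.wrpc.>"]
CONTROL_USER_ALLOW = ["wasmbus.ctl.>", "wasmbus.evt.*.*", "wadm.>", "wasmbus.rpc.>"]

RPC_REQUIRED = ["default.http-client.wrpc.wasi:http/incoming-handler@0.2.0.handle"]
CONTROL_PLANE = ["wasmbus.ctl.v1.default.host.get", "wadm.api.default.model.put"]

if __name__ == "__main__":
    # A least-privilege RPC user reaches its lattice and nothing on the control plane.
    print(audit(RPC_USER_ALLOW, RPC_REQUIRED, CONTROL_PLANE))
    # An over-broad allow-list ('>' alone) leaks the control plane to the RPC user.
    print(audit([">"], RPC_REQUIRED, CONTROL_PLANE))
```

The same check can be run against a tenant's real NKey permission block before issuing credentials, so an overly broad wildcard is caught at provisioning time rather than in production.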