= nats_jetstream :type: output :status: stable :categories: ["Services"] //// THIS FILE IS AUTOGENERATED! To make changes, edit the corresponding source file under: https://github.com/redpanda-data/connect/tree/main/internal/impl/. And: https://github.com/redpanda-data/connect/tree/main/cmd/tools/docs_gen/templates/plugin.adoc.tmpl //// // © 2024 Redpanda Data Inc. component_type_dropdown::[] Write messages to a NATS JetStream subject. Introduced in version 3.46.0. [tabs] ====== Common:: + -- ```yml # Common config fields, showing default values output: label: "" nats_jetstream: urls: [] # No default (required) subject: foo.bar.baz # No default (required) headers: {} metadata: include_prefixes: [] include_patterns: [] max_in_flight: 1024 ``` -- Advanced:: + -- ```yml # All config fields, showing default values output: label: "" nats_jetstream: urls: [] # No default (required) subject: foo.bar.baz # No default (required) headers: {} metadata: include_prefixes: [] include_patterns: [] max_in_flight: 1024 tls: enabled: false skip_cert_verify: false enable_renegotiation: false root_cas: "" root_cas_file: "" client_certs: [] auth: nkey_file: ./seed.nk # No default (optional) nkey: '!!!SECRET_SCRUBBED!!!' # No default (optional) user_credentials_file: ./user.creds # No default (optional) user_jwt: "" # No default (optional) user_nkey_seed: "" # No default (optional) inject_tracing_map: meta = @.merge(this) # No default (optional) ``` -- ====== == Connection name When monitoring and managing a production NATS system, it is often useful to know which connection a message was send/received from. This can be achieved by setting the connection name option when creating a NATS connection. Benthos will automatically set the connection name based off the label of the given NATS component, so that monitoring tools between NATS and Benthos can stay in sync. == Authentication There are several components within Benthos which uses NATS services. You will find that each of these components support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys^] and https://docs.nats.io/using-nats/developer/connecting/creds[User Credentials^]. See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial^]. === NKey file The NATS server can use these NKeys in several ways for authentication. The simplest is for the server to be configured with a list of known public keys and for the clients to respond to the challenge by signing it with its private NKey configured in the `nkey_file` or `nkey` field. https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/nkey_auth[More details^]. === User credentials NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT^] and a corresponding https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/nkey_auth[NKey secret^] when connecting to a server which is configured to use this authentication scheme. The `user_credentials_file` field should point to a file containing both the private key and the JWT and can be generated with the https://docs.nats.io/nats-tools/nsc[nsc tool^]. Alternatively, the `user_jwt` field can contain a plain text JWT and the `user_nkey_seed`can contain the plain text NKey Seed. https://docs.nats.io/using-nats/developer/connecting/creds[More details^]. == Fields === `urls` A list of URLs to connect to. If an item of the list contains commas it will be expanded into multiple URLs. *Type*: `array` ```yml # Examples urls: - nats://127.0.0.1:4222 urls: - nats://username:password@127.0.0.1:4222 ``` === `subject` A subject to write to. This field supports xref:configuration:interpolation.adoc#bloblang-queries[interpolation functions]. *Type*: `string` ```yml # Examples subject: foo.bar.baz subject: ${! meta("kafka_topic") } subject: foo.${! json("meta.type") } ``` === `headers` Explicit message headers to add to messages. This field supports xref:configuration:interpolation.adoc#bloblang-queries[interpolation functions]. *Type*: `object` *Default*: `{}` Requires version 4.1.0 or newer ```yml # Examples headers: Content-Type: application/json Timestamp: ${!meta("Timestamp")} ``` === `metadata` Determine which (if any) metadata values should be added to messages as headers. *Type*: `object` === `metadata.include_prefixes` Provide a list of explicit metadata key prefixes to match against. *Type*: `array` *Default*: `[]` ```yml # Examples include_prefixes: - foo_ - bar_ include_prefixes: - kafka_ include_prefixes: - content- ``` === `metadata.include_patterns` Provide a list of explicit metadata key regular expression (re2) patterns to match against. *Type*: `array` *Default*: `[]` ```yml # Examples include_patterns: - .* include_patterns: - _timestamp_unix$ ``` === `max_in_flight` The maximum number of messages to have in flight at a given time. Increase this to improve throughput. *Type*: `int` *Default*: `1024` === `tls` Custom TLS settings can be used to override system defaults. *Type*: `object` === `tls.enabled` Whether custom TLS settings are enabled. *Type*: `bool` *Default*: `false` === `tls.skip_cert_verify` Whether to skip server side certificate verification. *Type*: `bool` *Default*: `false` === `tls.enable_renegotiation` Whether to allow the remote server to repeatedly request renegotiation. Enable this option if you're seeing the error message `local error: tls: no renegotiation`. *Type*: `bool` *Default*: `false` Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. [CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== *Type*: `string` *Default*: `""` ```yml # Examples root_cas: |- -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- ``` === `tls.root_cas_file` An optional path of a root certificate authority file to use. This is a file, often with a .pem extension, containing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. *Type*: `string` *Default*: `""` ```yml # Examples root_cas_file: ./root_cas.pem ``` === `tls.client_certs` A list of client certificates to use. For each certificate either the fields `cert` and `key`, or `cert_file` and `key_file` should be specified, but not both. *Type*: `array` *Default*: `[]` ```yml # Examples client_certs: - cert: foo key: bar client_certs: - cert_file: ./example.pem key_file: ./example.key ``` === `tls.client_certs[].cert` A plain text certificate to use. *Type*: `string` *Default*: `""` === `tls.client_certs[].key` A plain text certificate key to use. [CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== *Type*: `string` *Default*: `""` === `tls.client_certs[].cert_file` The path of a certificate to use. *Type*: `string` *Default*: `""` === `tls.client_certs[].key_file` The path of a certificate key to use. *Type*: `string` *Default*: `""` === `tls.client_certs[].password` A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. [CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== *Type*: `string` *Default*: `""` ```yml # Examples password: foo password: ${KEY_PASSWORD} ``` === `auth` Optional configuration of NATS authentication parameters. *Type*: `object` === `auth.nkey_file` An optional file containing a NKey seed. *Type*: `string` ```yml # Examples nkey_file: ./seed.nk ``` === `auth.nkey` The NKey seed. [CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== *Type*: `string` Requires version 4.38.0 or newer ```yml # Examples nkey: UDXU4RCSJNZOIQHZNWXHXORDPRTGNJAHAHFRGZNEEJCPQTT2M7NLCNF4 ``` === `auth.user_credentials_file` An optional file containing user credentials which consist of an user JWT and corresponding NKey seed. *Type*: `string` ```yml # Examples user_credentials_file: ./user.creds ``` === `auth.user_jwt` An optional plain text user JWT (given along with the corresponding user NKey Seed). [CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== *Type*: `string` === `auth.user_nkey_seed` An optional plain text user NKey Seed (given along with the corresponding user JWT). [CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== *Type*: `string` === `inject_tracing_map` EXPERIMENTAL: A xref:guides:bloblang/about.adoc[Bloblang mapping] used to inject an object containing tracing propagation information into outbound messages. The specification of the injected fields will match the format used by the service wide tracer. *Type*: `string` Requires version 4.23.0 or newer ```yml # Examples inject_tracing_map: meta = @.merge(this) inject_tracing_map: root.meta.span = this ```