Publish a Dockerfile or include it in the standard nats-io file

[disarticulate]

Trying to put some containers together, and find it odd that I need go to build a tool to secure nats.

Why not provide either:

1. A binary inside the nats-io dockerfiles
   or
2. A Dockerfile that builds the binary.

I'm not a go programmer but certainly appreciate whenever I can build a product like this without having to install all the dev tools inside a docker or my own shell.

[derekcollison]

Which binary are you referring to?

In general folks use the NATS cli and nsc..

[disarticulate]

Not sure. When I got to the manual https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt#what-are-nkeys it looks like they're talking about nats.

a single line docker command looks like:
docker run golang:latest bash -c "go install github.com/nats-io/nkeys/nk@latest && nk -gen user"

Dockerfile then is something like

FROM golang:latest
RUN go install github.com/nats-io/nkeys/nk@latest
CMD ["nk"]

Just seems odd (to someone who doesnt Go) to recommend compile a custom key gen. Why wouldn't this just be a command in nats. Obviously there's ways around it, but if it's party of the security system, perhaps the main nats build should include it?

[derekcollison]

That utility is for creating custom nkeys and in general is not needed at all for normal operations.

/cc @bruth

[bruth]

@disarticulate Can you describe what your desired end state is? Based on the page you linked to, you are wanting to setup the decentralized (JWT-based) auth? The page is an in-depth guide that gets into the weeds, including discussing what nkeys are and how they related to this auth mode, but as Derek said, it is not required to use the nk to make anything manually.

The nsc tool is used to bootstrap the operator, system account, and server config as well as manage accounts and users. This includes generating nkeys and the JWTs.

In terms of a container, there is nats-box which packages up the CLI, nsc, and nats-top.