NATS communication with credential file as authentication

In a project I have to use NATS communication. For authentication on the NATS server, a credential file (based on JWT) is used. The credential file should be stored on the Docker container of Node-RED. With the currently available NATS nodes, only the configuration of user and password is possible. Are there any options to assign the path of the credential file in the config node of the NATS server or by msg?

I'm not familiar with NATS but a quick read of the docs for the JWT auth hints at a possible issue.

Namely that the file needed contains a private key and so must be kept very secure. So it will mostly be poor security to expose that file to Node-RED as NR has quite complete access to at least the userDir folder.

So it looks like that file should be stored explicitly outside the general reach of Node-RED and then you should give only READ access to the user id running node-red. Even that is probably insecure as it will allow anyone with access to node-red to access the private information.

It most certainly cannot be inside the docker container as that would be overwritten when the container is updated.

Hi Julian, thanks for your investigation. You are right, we have to take care of this item.