NATS Sink ​
The NATS sink forwards CDEvents to NATS subjects. It supports both NATS Core (fire-and-forget pub/sub) and NATS JetStream (persistent, acknowledged publishing).
Configuration ​
[sinks.nats]
enabled = true
type = "nats"
url = "nats://localhost:4222"
subject = "cdevents"Parameters ​
Required Parameters ​
type(string): Must be set to"nats"url(string): NATS server URL (e.g.nats://localhost:4222,tls://secure-nats:4222)subject(string): Target NATS subject for publishing messages
Optional Parameters ​
enabled(boolean): Enable/disable the NATS sink (default:true)timeout(duration): Timeout for message publishing (default:30s)credentials(string): Path to a NATS credentials file (.creds) for NKey/JWT authenticationtoken(string): Authentication token for NATS token authenticationusername(string): Username for NATS user/password authenticationpassword(string): Password for NATS user/password authenticationheaders(array): Header generation configuration for outgoing messagesjetstream(object): JetStream publisher configuration (see JetStream)
JetStream Parameters ​
When the jetstream table is present, messages are published via JetStream with acknowledgement from the server.
jetstream.enabled(boolean): Publish via JetStream instead of NATS Core (default:false)
Message Format ​
JSON Serialization ​
CDEvents are serialized to JSON and published to the configured NATS subject:
{
"context": {
"version": "0.4.0",
"id": "dev.cdevents.build.started.0.1.0-12345",
"source": "github.com/myorg/myrepo",
"type": "dev.cdevents.build.started.0.1.0",
"timestamp": "2024-01-15T10:30:00Z"
},
"subject": {
"id": "build-456",
"type": "build",
"content": {
"id": "build-456",
"source": "github.com/myorg/myrepo"
}
}
}Message Headers ​
NATS messages include:
- Content-Type: Always set to
application/json - Source Headers: Preserved headers from the original pipeline message
- Generated Headers: Configured authentication or signature headers
JetStream ​
NATS JetStream provides durable, acknowledged publishing. Use JetStream publishing when you need confirmation that the message was persisted to a stream before continuing.
[sinks.nats_persistent]
enabled = true
type = "nats"
url = "nats://localhost:4222"
subject = "cdevents"
[sinks.nats_persistent.jetstream]
enabled = trueThe target stream must already exist in NATS JetStream and must be configured to capture the subject used by this sink.
Authentication ​
NATS sinks support flexible authentication through credentials files, tokens, or user/password, and outgoing message headers for downstream consumers.
Message Headers ​
Generate custom headers for downstream consumers:
[sinks.nats]
type = "nats"
url = "nats://localhost:4222"
subject = "events"
[sinks.nats.headers]
# Bearer token for downstream authentication
"Authorization" = { type = "static", value = "Bearer downstream-token" }
# HMAC signature for message integrity
"X-Message-Signature" = { type = "signature", token = "signing-secret", signature_prefix = "sha256=", signature_on = "body", signature_encoding = "hex" }NKey / JWT Credentials ​
[sinks.nats]
type = "nats"
url = "tls://secure-nats.company.com:4222"
subject = "cdevents"
credentials = "/etc/nats/cdviz.creds"→ Complete Header Authentication Guide
Examples ​
Basic NATS Publisher ​
[sinks.nats_events]
enabled = true
type = "nats"
url = "nats://localhost:4222"
subject = "cdevents"JetStream Publisher ​
[sinks.nats_persistent]
enabled = true
type = "nats"
url = "nats://localhost:4222"
subject = "cdevents"
[sinks.nats_persistent.jetstream]
enabled = trueSecure NATS Integration ​
[sinks.secure_nats]
enabled = true
type = "nats"
url = "tls://secure-nats.company.com:4222"
subject = "secure-events"
credentials = "/etc/nats/cdviz.creds"
# Add headers for downstream consumers
[sinks.secure_nats.headers]
"X-Producer-ID" = { type = "static", value = "cdviz-collector" }Token Authentication ​
[sinks.nats_token]
enabled = true
type = "nats"
url = "nats://nats.company.com:4222"
subject = "cdevents"
token = "s3cr3t-t0ken"Configuration Reference ​
For NATS server and client configuration, see: