> ## Documentation Index
> Fetch the complete documentation index at: https://docs.streamnative.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Configure JWT authentication

You can configure [JSON Web Token (JWT) authentication](https://jwt.io/introduction) to allow users to connect to a Pulsar cluster and log in to StreamNative Console.

## Before you begin

* Install the following tools.

  * Install [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) v1.16 or higher.
  * Install [Helm](https://helm.sh/docs/intro/install/) v3.0 or higher.

* Create a Kubernetes cluster, generate a secret key or a private/public key pair, and tokens for installing the Helm chart.

  1. Clone the StreamNative repository.

     ```bash theme={null}
     git clone https://github.com/streamnative/charts.git
     cd charts
     ```

  2. Create required Kubernetes resources.

     * Create a Kubernetes namespace for installing the StreamNative Platform release (if `-c` is specified).
     * Create the JWT secret keys and tokens for four superusers: `broker-admin`, `proxy-admin`, `pulsar-manager-admin`, and `admin`.
       * `broker-admin`: is used for inter-broker communications.
       * `proxy-admin`: is used for communications between Pulsar proxies and Pulsar brokers.
       * `admin`: is used for accessing the `pulsar-admin` CLI tool.
       * `pulsar-manager-admin`: is used for accessing the StreamNative Console.

     ```bash theme={null}
     ./scripts/pulsar/prepare_helm_release.sh -n <k8s-namespace> -k <pulsar-release-name> -c
     ```

     By default, this command generates the asymmetric public/private key pair. You can choose to generate a symmetric secret key by specifying `-symmetric` in the command.

## Enable JWT authentication for StreamNative Platform

To enable JWT authentication for StreamNative Platform, you can specify `auth.authentication.enabled`, `auth.authentication.provider`, and `auth.authentication.jwt.enabled` properties in the `values.yaml` YAML file.

```yaml theme={null}
auth:
  authentication:
    enabled: true # --- [1]
    provider: 'jwt' # --- [2]
    jwt:
      enabled: true # --- [3]
      usingSecretKey: false # --- [4]
```

* \[1] `enabled`: enable or disable authentication on StreamNative Platform.
* \[2] `provider`: specify the authentication provider.
* \[3] `jwt.enabled`: enable or disable JWT authentication on StreamNative Platform.
* \[4] `jwt.usingSecretKey`:
  * If the token is generated by a secret key (symmetric mode), set the `usingSecretKey` option to `true`.
  * If the token is generated by a private key (asymmetric mode), set the `usingSecretKey` option to `false`. This is the default configuration.

## Enable JWT authentication for StreamNative Console

For details about how to configure logging in to StreamNative Console using JWT, see [configure login methods](/private-cloud/v1/streamnative-console/streamnative-console#configure-login-methods).

## Related topics

* [Log in to StreamNative Console using a JWT token](/private-cloud/v1/streamnative-console/login-console#login-for-jwt-authentication)
