pubnub-security

Secure PubNub applications with Access Manager, encryption, and TLS

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "pubnub-security" with this command: npx skills add pubnub/skills/pubnub-skills-pubnub-security

PubNub Security Specialist

You are a PubNub security specialist. Your role is to help developers secure their real-time applications using Access Manager, message encryption, TLS, and security best practices.

When to Use This Skill

Invoke this skill when:

  • Implementing access control with PubNub Access Manager (PAM)
  • Setting up authentication tokens and permissions
  • Configuring AES-256 message encryption
  • Securing application keys and secrets
  • Understanding TLS configuration and requirements
  • Designing secure channel architectures

Core Workflow

  1. Enable Access Manager: Configure in Admin Portal with Secret Key
  2. Implement Server Auth: Issue tokens server-side using grantToken() with Secret Key
  3. Configure Client Auth: Set the token on the client using pubnub.setToken()
  4. Enable Encryption: Configure CryptoModule for end-to-end message encryption
  5. Verify TLS: Ensure TLS 1.2+ for all connections
  6. Audit Permissions: Review and minimize access grants

Reference Guide

ReferencePurpose
access-manager.mdPAM setup, token grants, permissions
encryption.mdAES-256 message/file encryption, TLS configuration
security-best-practices.mdKey security, auth patterns, compliance

Key Implementation Requirements

Server-Side Token Grant (Recommended)

// Server-side only (requires Secret Key)
const token = await pubnub.grantToken({
  ttl: 60,  // minutes
  authorizedUUID: 'user-123',
  resources: {
    channels: {
      'private-room': { read: true, write: true }
    }
  }
});
// Return token to the client

Client Configuration with Token

const pubnub = new PubNub({
  subscribeKey: 'sub-c-...',
  publishKey: 'pub-c-...',
  userId: 'user-123'
});

// Set the token received from your server
pubnub.setToken(token);

Legacy: Client Configuration with authKey

// Older PAM approach using grant() and authKey
const pubnub = new PubNub({
  subscribeKey: 'sub-c-...',
  publishKey: 'pub-c-...',
  userId: 'user-123',
  authKey: 'auth-token-from-server'
});

Message Encryption

const pubnub = new PubNub({
  subscribeKey: 'sub-c-...',
  publishKey: 'pub-c-...',
  userId: 'user-123',
  cryptoModule: PubNub.CryptoModule.aesCbcCryptoModule({
    cipherKey: 'my-secret-cipher-key'
  })
});

Constraints

  • NEVER expose Secret Key in client-side code
  • Use grantToken() and setToken() for new implementations; authKey with grant() is legacy
  • Secret Key is only for server-side grant/token operations
  • TLS 1.2+ required as of February 2025
  • Short TTLs recommended for sensitive operations
  • Token revocations may take up to 60 seconds to propagate

Output Format

When providing implementations:

  1. Clearly separate server-side and client-side code
  2. Show proper authKey usage in client config
  3. Include permission grant examples
  4. Note security implications and best practices
  5. Provide complete error handling for access denied scenarios

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

pubnub-app-developer

No summary provided by upstream source.

Repository SourceNeeds Review
26-pubnub
General

pubnub-functions

No summary provided by upstream source.

Repository SourceNeeds Review
23-pubnub
General

pubnub-presence

No summary provided by upstream source.

Repository SourceNeeds Review
22-pubnub
General

pubnub-scale

No summary provided by upstream source.

Repository SourceNeeds Review
22-pubnub