Secrets configuration

This documentation is for the Envoy v3 API.

As of Envoy v1.18 the v2 API has been removed and is no longer supported.

If you are upgrading from v2 API config you may wish to view the v2 API documentation:

api/v2/auth/secret.proto

extensions.transport_sockets.tls.v3.GenericSecret

[extensions.transport_sockets.tls.v3.GenericSecret proto]

    {
      "secret": "{...}"
    }

secret

(config.core.v3.DataSource) Secret of generic type, available to filters.

extensions.transport_sockets.tls.v3.SdsSecretConfig

[extensions.transport_sockets.tls.v3.SdsSecretConfig proto]

    {
      "name": "...",
      "sds_config": "{...}"
    }

name

(string, REQUIRED) Name by which the secret can be uniquely referred to. When both name and sds_config are specified, the secret can be fetched and/or reloaded via SDS. When only name is specified, the secret will be loaded from static resources.

sds_config

(config.core.v3.ConfigSource)

extensions.transport_sockets.tls.v3.Secret

[extensions.transport_sockets.tls.v3.Secret proto]

    {
      "name": "...",
      "tls_certificate": "{...}",
      "session_ticket_keys": "{...}",
      "validation_context": "{...}",
      "generic_secret": "{...}"
    }

name

(string) Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.

tls_certificate

(extensions.transport_sockets.tls.v3.TlsCertificate)

Only one of tls_certificate, session_ticket_keys, validation_context, generic_secret may be set.

session_ticket_keys

(extensions.transport_sockets.tls.v3.TlsSessionTicketKeys)

Only one of tls_certificate, session_ticket_keys, validation_context, generic_secret may be set.

validation_context

(extensions.transport_sockets.tls.v3.CertificateValidationContext)

Only one of tls_certificate, session_ticket_keys, validation_context, generic_secret may be set.

generic_secret

(extensions.transport_sockets.tls.v3.GenericSecret)

Only one of tls_certificate, session_ticket_keys, validation_context, generic_secret may be set.
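
The following is an added example, not part of the Envoy documentation or code base. It checks the two rules stated above on configuration held as JSON-style dictionaries: an SdsSecretConfig with only a name must resolve to a static secret, and a Secret may set only one of its four payload fields. The function names, file paths, secret names and the decision to treat a missing or duplicated static secret as an error are assumptions of this example.

```python
# Added example: field names are from the reference above; all values are constructed.
ONEOF = ("tls_certificate", "session_ticket_keys",
         "validation_context", "generic_secret")

def secret_type(secret):
    """Return the one payload field set on a Secret; reject more than one."""
    present = [f for f in ONEOF if f in secret]
    if len(present) > 1:
        raise ValueError(f"secret {secret.get('name')!r}: only one of "
                         f"{', '.join(ONEOF)} may be set, got {present}")
    return present[0] if present else None

def resolve(sds_ref, static_secrets):
    """Classify an SdsSecretConfig as ('sds', None) or ('static', <type>)."""
    name = sds_ref.get("name")
    if not name:
        raise ValueError("SdsSecretConfig.name is required")
    if "sds_config" in sds_ref:
        return ("sds", None)          # fetched and/or reloaded via SDS
    # Name only: the secret has to come from static resources.
    matches = [s for s in static_secrets if s.get("name") == name]
    if len(matches) != 1:             # assumption of this check: missing/duplicate is an error
        raise ValueError(f"{name!r}: {len(matches)} static secrets with this name")
    return ("static", secret_type(matches[0]))

# Constructed sample: two static Secret messages and three references to secrets.
STATIC_SECRETS = [
    {"name": "server_cert",
     "tls_certificate": {"certificate_chain": {"filename": "/etc/envoy/cert.pem"},
                         "private_key": {"filename": "/etc/envoy/key.pem"}}},
    {"name": "api_token",
     "generic_secret": {"secret": {"filename": "/etc/envoy/token"}}},
]
REFERENCES = [
    {"name": "server_cert"},
    {"name": "api_token"},
    {"name": "rotating_cert", "sds_config": {"ads": {}}},
]

if __name__ == "__main__":
    for ref in REFERENCES:
        print(ref["name"], "->", resolve(ref, STATIC_SECRETS))
```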