Warning

The v2 xDS API is not supported in Envoy v1.18.0 and above.

Secrets configuration

auth.GenericSecret

[auth.GenericSecret proto]

{
  "secret": "{...}"
}
secret

(core.DataSource) Secret of generic type and is available to filters.

auth.SdsSecretConfig

[auth.SdsSecretConfig proto]

{
  "name": "...",
  "sds_config": "{...}"
}
name

(string) Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to. When both name and config are specified, then secret can be fetched and/or reloaded via SDS. When only name is specified, then secret will be loaded from static resources.

sds_config

(core.ConfigSource)

auth.Secret

[auth.Secret proto]

{
  "name": "...",
  "tls_certificate": "{...}",
  "session_ticket_keys": "{...}",
  "validation_context": "{...}",
  "generic_secret": "{...}"
}
name

(string) Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.

tls_certificate

(auth.TlsCertificate)

Only one of tls_certificate, session_ticket_keys, validation_context, generic_secret may be set.

session_ticket_keys

(auth.TlsSessionTicketKeys)

Only one of tls_certificate, session_ticket_keys, validation_context, generic_secret may be set.

validation_context

(auth.CertificateValidationContext)

Only one of tls_certificate, session_ticket_keys, validation_context, generic_secret may be set.

generic_secret

(auth.GenericSecret)

Only one of tls_certificate, session_ticket_keys, validation_context, generic_secret may be set.