envoy.extensions.transport_sockets.tls.v3.secret.proto Maven / Gradle / Ivy
syntax = "proto3";
package envoy.extensions.transport_sockets.tls.v3;
import "envoy/config/core/v3/base.proto";
import "envoy/config/core/v3/config_source.proto";
import "envoy/extensions/transport_sockets/tls/v3/common.proto";
import "udpa/annotations/sensitive.proto";
import "udpa/annotations/status.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tls.v3";
option java_outer_classname = "SecretProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3;tlsv3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Secrets configuration]
message GenericSecret {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.GenericSecret";
// Secret of generic type and is available to filters.
config.core.v3.DataSource secret = 1 [(udpa.annotations.sensitive) = true];
}
message SdsSecretConfig {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.SdsSecretConfig";
// Name by which the secret can be uniquely referred to. When both name and config are specified,
// then secret can be fetched and/or reloaded via SDS. When only name is specified, then secret
// will be loaded from static resources.
string name = 1 [(validate.rules).string = {min_len: 1}];
config.core.v3.ConfigSource sds_config = 2;
}
// [#next-free-field: 6]
message Secret {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.Secret";
// Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
string name = 1;
oneof type {
TlsCertificate tls_certificate = 2;
TlsSessionTicketKeys session_ticket_keys = 3;
CertificateValidationContext validation_context = 4;
GenericSecret generic_secret = 5;
}
}