.. _envoy_api_file_envoy/api/v2/auth/secret.proto:

Secrets configuration
=====================


.. _envoy_api_msg_auth.GenericSecret:

auth.GenericSecret
------------------

`[auth.GenericSecret proto] <https://github.com/envoyproxy/envoy/blob/v1.15.2/api/envoy/api/v2/auth/secret.proto#L21>`_


.. code-block:: json

  {
    "secret": "{...}"
  }

.. _envoy_api_field_auth.GenericSecret.secret:

secret
  (:ref:`core.DataSource <envoy_api_msg_core.DataSource>`) Secret of generic type and is available to filters.
  
  


.. _envoy_api_msg_auth.SdsSecretConfig:

auth.SdsSecretConfig
--------------------

`[auth.SdsSecretConfig proto] <https://github.com/envoyproxy/envoy/blob/v1.15.2/api/envoy/api/v2/auth/secret.proto#L26>`_


.. code-block:: json

  {
    "name": "...",
    "sds_config": "{...}"
  }

.. _envoy_api_field_auth.SdsSecretConfig.name:

name
  (`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
  When both name and config are specified, then secret can be fetched and/or reloaded via
  SDS. When only name is specified, then secret will be loaded from static resources.
  
  
.. _envoy_api_field_auth.SdsSecretConfig.sds_config:

sds_config
  (:ref:`core.ConfigSource <envoy_api_msg_core.ConfigSource>`) 
  


.. _envoy_api_msg_auth.Secret:

auth.Secret
-----------

`[auth.Secret proto] <https://github.com/envoyproxy/envoy/blob/v1.15.2/api/envoy/api/v2/auth/secret.proto#L36>`_


.. code-block:: json

  {
    "name": "...",
    "tls_certificate": "{...}",
    "session_ticket_keys": "{...}",
    "validation_context": "{...}",
    "generic_secret": "{...}"
  }

.. _envoy_api_field_auth.Secret.name:

name
  (`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
  
  
.. _envoy_api_field_auth.Secret.tls_certificate:

tls_certificate
  (:ref:`auth.TlsCertificate <envoy_api_msg_auth.TlsCertificate>`) 
  
  
  Only one of :ref:`tls_certificate <envoy_api_field_auth.Secret.tls_certificate>`, :ref:`session_ticket_keys <envoy_api_field_auth.Secret.session_ticket_keys>`, :ref:`validation_context <envoy_api_field_auth.Secret.validation_context>`, :ref:`generic_secret <envoy_api_field_auth.Secret.generic_secret>` may be set.
  
.. _envoy_api_field_auth.Secret.session_ticket_keys:

session_ticket_keys
  (:ref:`auth.TlsSessionTicketKeys <envoy_api_msg_auth.TlsSessionTicketKeys>`) 
  
  
  Only one of :ref:`tls_certificate <envoy_api_field_auth.Secret.tls_certificate>`, :ref:`session_ticket_keys <envoy_api_field_auth.Secret.session_ticket_keys>`, :ref:`validation_context <envoy_api_field_auth.Secret.validation_context>`, :ref:`generic_secret <envoy_api_field_auth.Secret.generic_secret>` may be set.
  
.. _envoy_api_field_auth.Secret.validation_context:

validation_context
  (:ref:`auth.CertificateValidationContext <envoy_api_msg_auth.CertificateValidationContext>`) 
  
  
  Only one of :ref:`tls_certificate <envoy_api_field_auth.Secret.tls_certificate>`, :ref:`session_ticket_keys <envoy_api_field_auth.Secret.session_ticket_keys>`, :ref:`validation_context <envoy_api_field_auth.Secret.validation_context>`, :ref:`generic_secret <envoy_api_field_auth.Secret.generic_secret>` may be set.
  
.. _envoy_api_field_auth.Secret.generic_secret:

generic_secret
  (:ref:`auth.GenericSecret <envoy_api_msg_auth.GenericSecret>`) 
  
  
  Only one of :ref:`tls_certificate <envoy_api_field_auth.Secret.tls_certificate>`, :ref:`session_ticket_keys <envoy_api_field_auth.Secret.session_ticket_keys>`, :ref:`validation_context <envoy_api_field_auth.Secret.validation_context>`, :ref:`generic_secret <envoy_api_field_auth.Secret.generic_secret>` may be set.