.. _envoy_api_file_envoy/config/transport_socket/alts/v2alpha/alts.proto:

ALTS
====

.. _extension_envoy.transport_sockets.alts:


This extension may be referenced by the qualified name *envoy.transport_sockets.alts*

.. note::
  

  This extension is intended to be robust against both untrusted downstream and upstream traffic.


.. _envoy_api_msg_config.transport_socket.alts.v2alpha.Alts:

config.transport_socket.alts.v2alpha.Alts
-----------------------------------------

`[config.transport_socket.alts.v2alpha.Alts proto] <https://github.com/envoyproxy/envoy/blob/0717f49fef0dac3818cd7cdc52bf18e0ae1f7a2c/api/envoy/config/transport_socket/alts/v2alpha/alts.proto#L20>`_

Configuration for ALTS transport socket. This provides Google's ALTS protocol to Envoy.
https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security/

.. code-block:: json

  {
    "handshaker_service": "...",
    "peer_service_accounts": []
  }

.. _envoy_api_field_config.transport_socket.alts.v2alpha.Alts.handshaker_service:

handshaker_service
  (`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The location of a handshaker service, this is usually 169.254.169.254:8080
  on GCE.
  
  
.. _envoy_api_field_config.transport_socket.alts.v2alpha.Alts.peer_service_accounts:

peer_service_accounts
  (`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) The acceptable service accounts from peer, peers not in the list will be rejected in the
  handshake validation step. If empty, no validation will be performed.