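syntax = "proto3";

package envoy.api.v2.auth;

import "envoy/api/v2/auth/common.proto";
import "envoy/api/v2/core/base.proto";
import "envoy/api/v2/core/config_source.proto";

import "udpa/annotations/migrate.proto";
import "udpa/annotations/sensitive.proto";
import "udpa/annotations/status.proto";

option java_package = "io.envoyproxy.envoy.api.v2.auth";
option java_outer_classname = "SecretProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth";

// This package is marked FROZEN below, and file_migrate names
// envoy.extensions.transport_sockets.tls.v3 as the package these definitions move to.
// Field numbers and names in this file are a wire contract and must not be changed.
option (udpa.annotations.file_migrate).move_to_package =
    "envoy.extensions.transport_sockets.tls.v3";
option (udpa.annotations.file_status).package_version_status = FROZEN;

// [#protodoc-title: Secrets configuration]

// A secret with no TLS-specific structure, carried as a single data source.
message GenericSecret {
  // Secret of generic type, made available to filters.
  //
  // The field carries the udpa ``sensitive`` annotation, which marks it for tooling that
  // honors the annotation (for example, redaction when configuration is printed). The
  // annotation is metadata only: it does not encrypt or otherwise protect the value, so any
  // code path that logs or dumps this message without honoring it will expose the secret.
  core.DataSource secret = 1 [(udpa.annotations.sensitive) = true];
}

// Reference to a secret by name, with an optional source from which to fetch it.
message SdsSecretConfig {
  // Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
  // When both name and config are specified, then secret can be fetched and/or reloaded via
  // SDS. When only name is specified, then secret will be loaded from static resources.
  string name = 1;

  // Configuration source used to fetch and/or reload the secret via SDS. When unset, the
  // secret identified by ``name`` is loaded from static resources instead.
  //
  // NOTE(review): the secret material is delivered over whatever channel this source
  // describes. How that channel is authenticated and protected is defined by
  // core.ConfigSource (envoy/api/v2/core/config_source.proto), not by this file; confirm it
  // when reviewing a deployment.
  core.ConfigSource sds_config = 2;
}

// A named secret. Exactly one of the ``type`` alternatives holds the secret material.
// [#next-free-field: 6]
message Secret {
  // Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
  string name = 1;

  // The kind of secret carried. Setting one alternative clears the others.
  //
  // NOTE(review): only GenericSecret's ``sensitive`` annotation is visible in this file.
  // The other three types are not declared here (presumably in
  // envoy/api/v2/auth/common.proto); verify there that their key-material fields are
  // annotated as sensitive as well.
  oneof type {
    // TLS certificate secret.
    TlsCertificate tls_certificate = 2;

    // TLS session ticket keys secret.
    TlsSessionTicketKeys session_ticket_keys = 3;

    // Certificate validation context secret.
    CertificateValidationContext validation_context = 4;

    // Generic (non-TLS-structured) secret; see GenericSecret.
    GenericSecret generic_secret = 5;
  }
}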