.. _envoy_v3_api_file_envoy/extensions/transport_sockets/tls/v3/secret.proto:

Secrets configuration (proto)
=============================






.. _envoy_v3_api_msg_extensions.transport_sockets.tls.v3.GenericSecret:

extensions.transport_sockets.tls.v3.GenericSecret
-------------------------------------------------


:repo:`[extensions.transport_sockets.tls.v3.GenericSecret proto] <api/envoy/extensions/transport_sockets/tls/v3/secret.proto#L21>`




.. code-block:: json
  :force:

  {
    "secret": {...}
  }

.. _envoy_v3_api_field_extensions.transport_sockets.tls.v3.GenericSecret.secret:


secret
  (:ref:`config.core.v3.DataSource <envoy_v3_api_msg_config.core.v3.DataSource>`) Secret of generic type and is available to filters.



.. _envoy_v3_api_msg_extensions.transport_sockets.tls.v3.SdsSecretConfig:

extensions.transport_sockets.tls.v3.SdsSecretConfig
---------------------------------------------------


:repo:`[extensions.transport_sockets.tls.v3.SdsSecretConfig proto] <api/envoy/extensions/transport_sockets/tls/v3/secret.proto#L28>`




.. code-block:: json
  :force:

  {
    "name": ...,
    "sds_config": {...}
  }

.. _envoy_v3_api_field_extensions.transport_sockets.tls.v3.SdsSecretConfig.name:


name
  (`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) Name by which the secret can be uniquely referred to. When both name and config are specified,
  then secret can be fetched and/or reloaded via SDS. When only name is specified, then secret
  will be loaded from static resources.


.. _envoy_v3_api_field_extensions.transport_sockets.tls.v3.SdsSecretConfig.sds_config:


sds_config
  (:ref:`config.core.v3.ConfigSource <envoy_v3_api_msg_config.core.v3.ConfigSource>`) 


.. _envoy_v3_api_msg_extensions.transport_sockets.tls.v3.Secret:

extensions.transport_sockets.tls.v3.Secret
------------------------------------------


:repo:`[extensions.transport_sockets.tls.v3.Secret proto] <api/envoy/extensions/transport_sockets/tls/v3/secret.proto#L40>`




.. code-block:: json
  :force:

  {
    "name": ...,
    "tls_certificate": {...},
    "session_ticket_keys": {...},
    "validation_context": {...},
    "generic_secret": {...}
  }

.. _envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.name:


name
  (`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.


.. _envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.tls_certificate:


tls_certificate
  (:ref:`extensions.transport_sockets.tls.v3.TlsCertificate <envoy_v3_api_msg_extensions.transport_sockets.tls.v3.TlsCertificate>`) 
  

  Only one of :ref:`tls_certificate <envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.tls_certificate>`, :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.session_ticket_keys>`, :ref:`validation_context <envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.validation_context>`, :ref:`generic_secret <envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.generic_secret>` may be set.

.. _envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.session_ticket_keys:


session_ticket_keys
  (:ref:`extensions.transport_sockets.tls.v3.TlsSessionTicketKeys <envoy_v3_api_msg_extensions.transport_sockets.tls.v3.TlsSessionTicketKeys>`) 
  

  Only one of :ref:`tls_certificate <envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.tls_certificate>`, :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.session_ticket_keys>`, :ref:`validation_context <envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.validation_context>`, :ref:`generic_secret <envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.generic_secret>` may be set.

.. _envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.validation_context:


validation_context
  (:ref:`extensions.transport_sockets.tls.v3.CertificateValidationContext <envoy_v3_api_msg_extensions.transport_sockets.tls.v3.CertificateValidationContext>`) 
  

  Only one of :ref:`tls_certificate <envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.tls_certificate>`, :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.session_ticket_keys>`, :ref:`validation_context <envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.validation_context>`, :ref:`generic_secret <envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.generic_secret>` may be set.

.. _envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.generic_secret:


generic_secret
  (:ref:`extensions.transport_sockets.tls.v3.GenericSecret <envoy_v3_api_msg_extensions.transport_sockets.tls.v3.GenericSecret>`) 
  

  Only one of :ref:`tls_certificate <envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.tls_certificate>`, :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.session_ticket_keys>`, :ref:`validation_context <envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.validation_context>`, :ref:`generic_secret <envoy_v3_api_field_extensions.transport_sockets.tls.v3.Secret.generic_secret>` may be set.