tls client
The tls client binding
Configuration (* required)
vault
string
Vault name.
options
object
tls-specific options.
options:
  keys:
    - localhost
  sni:
    - localhost
  alpn:
    - echo
options.version
string
Protocol version.
options.keys
array of string
A list of reference names for the Vault key.
options.trust
array of string
A list of reference names for the Vault certificate.
options.signers
array of string
A list of reference names for the Vault signer certificate.
options.trustcacerts
boolean
Trust CA certificates. This property will be considered set to true when options.trust is null.
options.sni
array of string
A list of the Server Name Indications.
options.alpn
array of string
Application protocols.
options.mutual
enum [required, requested, none] | Default: none
Mutual authentication.
routes*
array of object
Conditional tls-specific routes.
routes:
  - when:
      - alpn: echo
    exit: echo_server
routes[].guarded
object as map of named:array of string
List of roles required by each named guard to authorize this route.
routes:
  - guarded:
      my_guard:
        - read:items
routes[].when
array of object
List of conditions (any match) to match this route.
Read more: When a route matches
routes:
  - when:
      - alpn: echo
when[].authority
string
Associated authority.
when[].alpn
string
Application protocol.
when[].port
integer, string, array
Port number(s), including port number ranges.
routes[].exit
string
Next binding when following this route.
routes:
  - when:
      ...
    exit: echo_server
exit
string
Default exit binding when no conditional routes are viable.
exit: echo_server
telemetry
object
Defines the desired telemetry for the binding.
telemetry.metrics
array
Telemetry metrics to track.
telemetry:
  metrics:
    - stream.*
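
The options.trust, options.trustcacerts and options.mutual entries above interact, most notably in that options.trustcacerts counts as true whenever options.trust is null. The audit sketch below is an added example, not code from this page or its project. It works on a binding already parsed from YAML into a dict. The binding names, the `serverca` and `my_vault` references, and the rule that an omitted options.trustcacerts means false when options.trust is set are assumptions.

```python
# Added example: audit a tls client binding (already parsed from YAML into a
# dict) against the option semantics documented on this page.
MUTUAL_VALUES = ("required", "requested", "none")  # enum listed for options.mutual
VAULT_REFS = ("keys", "trust", "signers")          # options that name Vault entries


def effective_trust(options):
    """Return (trust names, effective trustcacerts) for an options object."""
    trust = options.get("trust")
    if trust is None:
        # Documented rule: trustcacerts is considered true when trust is null.
        return [], True
    # Assumption: with options.trust set, an omitted trustcacerts means false.
    return list(trust), bool(options.get("trustcacerts", False))


def audit_binding(name, binding):
    """Return a list of findings for one tls client binding."""
    options = binding.get("options") or {}
    findings = []
    trust, cacerts = effective_trust(options)
    if cacerts and not trust:
        findings.append(f"{name}: options.trust is null, CA certificates are trusted")
    elif cacerts:
        findings.append(f"{name}: CA certificates are trusted in addition to {trust}")
    mutual = options.get("mutual", "none")  # documented default: none
    if mutual not in MUTUAL_VALUES:
        findings.append(f"{name}: options.mutual {mutual!r} is not a listed value")
    used = [k for k in VAULT_REFS if options.get(k)]
    if used and not binding.get("vault"):
        findings.append(f"{name}: {used} reference a vault but none is named")
    return findings


# Constructed sample bindings (names are placeholders, not from the page).
SAMPLE = {
    "implicit_ca": {"options": {"sni": ["localhost"], "alpn": ["echo"]}},
    "pinned": {"vault": "my_vault",
               "options": {"trust": ["serverca"], "trustcacerts": False,
                           "mutual": "none"}},
    "broken": {"options": {"keys": ["localhost"], "trust": ["serverca"],
                           "mutual": "optional"}},
}

if __name__ == "__main__":
    for name, binding in SAMPLE.items():
        for finding in audit_binding(name, binding):
            print(finding)
```

An explicit `trustcacerts: false` does not suppress the first finding when options.trust is absent, because the documented rule overrides it.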