tls client
The tls client binding receives inbound application streams and encodes each as an encrypted network stream via the TLS protocol.
tls_client:
  type: tls
  kind: client
Configuration (* required)
vault
string
Vault name.
options
object
The tls specific options.
options:
  keys:
    - localhost
  sni:
    - localhost
  alpn:
    - echo
options.version
string
Protocol version.
options.keys
array of string
A list of reference names for the Vault key.
options.trust
array of string
A list of reference names for the Vault certificate.
options.signers
array of string
A list of reference names for the Vault signer certificate.
options.trustcacerts
boolean
Trust CA certificates. When this property is not explicitly set, it is automatically set to true if options.trust is null.
options.sni
array of string
A list of the Server Name Indications.
options.alpn
array of string
Application protocols.
options.mutual
enum [ required, requested, none ]
Mutual authentication. When this property is not explicitly set, it is automatically set to none if options.trust is null; otherwise it is set to required.
routes*
array of object
Conditional tls specific routes.
routes:
  - when:
      - alpn: echo
    exit: echo_server
routes[].guarded
object as map of named array of string
List of roles required by each named guard to authorize this route.
routes:
  - guarded:
      my_guard:
        - read:items
routes[].when
array of object
List of conditions (any match) to match this route. Read more: When a route matches
routes:
  - when:
      - alpn: echo
when[].authority
string
Associated authority.
when[].alpn
string
Application protocol.
when[].port
integer, string, array
Port number(s), including port number ranges.
routes[].exit
string
Next binding when following this route.
routes:
  - when:
      ...
    exit: echo_server
exit
string
Default exit binding when no conditional routes are viable.
exit: echo_server
telemetry
object
Defines the desired telemetry for the binding.
telemetry.metrics
array
Telemetry metrics to track.
telemetry:
  metrics:
    - stream.*
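The defaulting rules for options.trustcacerts and options.mutual decide how a binding behaves when those properties are omitted, so a configuration review should look at the resolved values rather than the written ones. The following is an added example, not code from Zilla or from this page: it resolves both defaults as documented above and checks option and route condition names against the documented set. The function names, the vault name my_vault, the trust entry serverca and the sample bindings are hypothetical, and the value of trustcacerts when options.trust is set is an assumption.

```python
# Added example (not Zilla code): audit a tls client binding's options.
MUTUAL_VALUES = {"required", "requested", "none"}
OPTION_KEYS = {"version", "keys", "trust", "signers", "trustcacerts",
               "sni", "alpn", "mutual"}
WHEN_KEYS = {"authority", "alpn", "port"}


def effective_options(options):
    """Return a copy of options with trustcacerts and mutual resolved."""
    opts = dict(options or {})
    trust_unset = opts.get("trust") is None
    # Documented: trustcacerts becomes true when options.trust is null.
    # Assumption: it resolves to false when options.trust is set.
    opts.setdefault("trustcacerts", trust_unset)
    # Documented: mutual is none when options.trust is null, else required.
    opts.setdefault("mutual", "none" if trust_unset else "required")
    return opts


def audit_binding(binding):
    """Return (effective options, findings) for one binding dict."""
    findings = []
    options = binding.get("options") or {}
    for key in sorted(set(options) - OPTION_KEYS):
        findings.append(f"unknown option: options.{key}")
    if options.get("mutual", "none") not in MUTUAL_VALUES:
        findings.append(f"invalid options.mutual: {options['mutual']!r}")
    for i, route in enumerate(binding.get("routes") or []):
        for cond in route.get("when") or []:
            for key in sorted(set(cond) - WHEN_KEYS):
                findings.append(f"unknown condition: routes[{i}].when[].{key}")
    eff = effective_options(options)
    if eff["trustcacerts"] and not options.get("trust"):
        findings.append("trustcacerts resolves to true with no options.trust entries")
    return eff, findings


# Constructed sample bindings (not from the page); "host" is a deliberate typo.
DEFAULTED = {"type": "tls", "kind": "client",
             "options": {"sni": ["localhost"], "alpn": ["echo"]},
             "exit": "echo_server"}
PINNED = {"type": "tls", "kind": "client", "vault": "my_vault",
          "options": {"trust": ["serverca"], "sni": ["localhost"]},
          "routes": [{"when": [{"alpn": "echo", "host": "localhost"}],
                      "exit": "echo_server"}]}

if __name__ == "__main__":
    for name, binding in (("DEFAULTED", DEFAULTED), ("PINNED", PINNED)):
        print(name, *audit_binding(binding), sep="\n  ")
```

The bindings are passed as dictionaries, so a YAML configuration has to be loaded with a parser of your choice before it is audited.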
