secret.proto

Package: gloo.solo.io

Types:

Source File: github.com/solo-io/gloo/projects/gloo/api/v1/secret.proto

Secret

Certain plugins such as the AWS Lambda Plugin require the use of secrets for authentication, configuration of SSL Certificates, and other data that should not be stored in plaintext configuration.

Gloo runs an independent (goroutine) controller to monitor secrets. Secrets are stored in their own secret storage layer. Gloo can monitor secrets stored in the following secret storage services:

Gloo’s secret backend can be configured in Gloo’s bootstrap options.

"aws": .gloo.solo.io.AwsSecret
"azure": .gloo.solo.io.AzureSecret
"tls": .gloo.solo.io.TlsSecret
"extension": .gloo.solo.io.Extension
"metadata": .core.solo.io.Metadata

| Field | Type | Description | Default |
| --- | --- | --- | --- |
| aws | .gloo.solo.io.AwsSecret | AWS credentials. Only one of aws, azure, or extension can be set. | |
| azure | .gloo.solo.io.AzureSecret | Azure credentials. Only one of azure, aws, or extension can be set. | |
| tls | .gloo.solo.io.TlsSecret | TLS secret specification. Only one of tls, aws, or extension can be set. | |
| extension | .gloo.solo.io.Extension | Arbitrary secret specification. Only one of extension, aws, or tls can be set. | |
| metadata | .core.solo.io.Metadata | Metadata contains the object metadata for this resource. | |

AwsSecret

There are two ways of providing AWS secrets:

will produce a Kubernetes resource similar to this (note the aws field and resource_kind annotation):

apiVersion: v1
data:
  aws: base64EncodedStringForMachineConsumption
kind: Secret
metadata:
  annotations:
    resource_kind: '*v1.Secret'
  creationTimestamp: "2019-08-23T15:10:20Z"
  name: aws-secret-from-glooctl
  namespace: default
  resourceVersion: "592637"
  selfLink: /api/v1/namespaces/default/secrets/secret-e2e
  uid: 1f8c147f-c5b8-11e9-bbf3-42010a8001bc
type: Opaque

| Field | Type | Description | Default |
| --- | --- | --- | --- |
| accessKey | string | provided by glooctl create secret aws. | |
| secretKey | string | provided by glooctl create secret aws. | |

AzureSecret

"apiKeys": map<string, string>

| Field | Type | Description | Default |
| --- | --- | --- | --- |
| apiKeys | map<string, string> | provided by glooctl create secret azure. | |

TlsSecret

"certChain": string
"privateKey": string
"rootCa": string

| Field | Type | Description | Default |
| --- | --- | --- | --- |
| certChain | string | provided by glooctl create secret tls. | |
| privateKey | string | provided by glooctl create secret tls. | |
| rootCa | string | provided by glooctl create secret tls. | |
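
As an added example (not Gloo's own code), the Go function below enforces the "only one of" rule from the Secret table and rejects field names that are not listed on this page, reporting errors without echoing secret values. It assumes the Secret is supplied as a JSON object using the field names above; `SecretKind` and the `kinds` table are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Kinds and fields as listed on this page (hand-written, not Gloo's types); nil = not inspected.
var kinds = map[string]map[string]bool{
	"aws":       {"accessKey": true, "secretKey": true},
	"azure":     {"apiKeys": true},
	"tls":       {"certChain": true, "privateKey": true, "rootCa": true},
	"extension": nil,
}

// SecretKind returns the one kind that is set. Errors name fields only, never values.
func SecretKind(raw []byte) (string, error) {
	var top map[string]json.RawMessage
	if json.Unmarshal(raw, &top) != nil {
		return "", fmt.Errorf("secret is not a JSON object")
	}
	var set []string
	for name, body := range top {
		fields, isKind := kinds[name]
		if !isKind && name != "metadata" {
			return "", fmt.Errorf("unknown field %q", name)
		}
		if !isKind || string(body) == "null" {
			continue // metadata, or a kind explicitly left unset
		}
		set = append(set, name)
		var inner map[string]json.RawMessage
		if fields != nil && json.Unmarshal(body, &inner) != nil {
			return "", fmt.Errorf("%s: expected an object", name)
		}
		for f := range inner {
			if !fields[f] {
				return "", fmt.Errorf("%s: unknown field %q", name, f)
			}
		}
	}
	if len(set) != 1 {
		return "", fmt.Errorf("set exactly one of aws, azure, tls, extension; found %d", len(set))
	}
	return set[0], nil
}

func main() { // constructed sample with placeholder values; two kinds set, so it is rejected
	fmt.Println(SecretKind([]byte(`{"aws":{"accessKey":"A","secretKey":"B"},"tls":{"rootCa":"PEM"}}`)))
}
```

Running such a check before a secret is written catches a misspelled field or a second kind early, and the returned error can go to logs because it never contains field values.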