Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
54 lines (42 sloc) 1.68 KB
syntax = "proto3";
package gloo.solo.io;
option go_package = "github.com/solo-io/gloo/projects/gloo/pkg/api/v1";
import "gogoproto/gogo.proto";
option (gogoproto.equal_all) = true;
import "github.com/solo-io/gloo/projects/gloo/api/v1/extensions.proto";
import "github.com/solo-io/solo-kit/api/v1/metadata.proto";
/*
@solo-kit:resource.short_name=sec
@solo-kit:resource.plural_name=secrets
@solo-kit:resource.resource_groups=api.gloo.solo.io,discovery.gloo.solo.io,translator.supergloo.solo.io
Certain plugins such as the AWS Lambda Plugin require the use of secrets for authentication, configuration of SSL Certificates, and other data that should not be stored in plaintext configuration.
Gloo runs an independent (goroutine) controller to monitor secrets. Secrets are stored in their own secret storage layer. Gloo can monitor secrets stored in the following secret storage services:
* Kubernetes Secrets
* Hashicorp Vault
* Plaintext files (recommended only for testing)
* Secrets must adhere to a structure, specified by the plugin that requires them.
Gloo's secret backend can be configured in Gloo's bootstrap options
*/
message Secret {
oneof kind {
AwsSecret aws = 1;
AzureSecret azure = 2;
TlsSecret tls = 3;
Extension extension = 4;
}
// Metadata contains the object metadata for this resource
core.solo.io.Metadata metadata = 7 [(gogoproto.nullable) = false];
}
// TODO(ilackarms) move these to plugin protos
message AwsSecret {
string access_key = 1;
string secret_key = 2;
}
message AzureSecret {
map<string,string> api_keys = 1;
}
message TlsSecret {
string cert_chain = 1;
string private_key = 2;
string root_ca = 3;
}