|
|
|
@ -232,12 +232,13 @@ message TlsCertificate { |
|
|
|
|
config.core.v3.WatchedDirectory watched_directory = 7; |
|
|
|
|
|
|
|
|
|
// BoringSSL private key method provider. This is an alternative to :ref:`private_key |
|
|
|
|
// <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be |
|
|
|
|
// marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key |
|
|
|
|
// <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and |
|
|
|
|
// :ref:`private_key_provider |
|
|
|
|
// <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an |
|
|
|
|
// error. |
|
|
|
|
// <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. |
|
|
|
|
// When both :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and |
|
|
|
|
// :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields are set, |
|
|
|
|
// ``private_key_provider`` takes precedence. |
|
|
|
|
// If ``private_key_provider`` is unavailable and :ref:`fallback |
|
|
|
|
// <envoy_v3_api_field_extensions.transport_sockets.tls.v3.PrivateKeyProvider.fallback>` |
|
|
|
|
// is enabled, ``private_key`` will be used. |
|
|
|
|
PrivateKeyProvider private_key_provider = 6; |
|
|
|
|
|
|
|
|
|
// The password to decrypt the TLS private key. If this field is not set, it is assumed that the |
|
|
|
|