SNI certificate mapper (proto)

This extension has the qualified name envoy.tls.certificate_mappers.sni

Note

This extension is functional but has not had substantial production burn time, use only with this caveat.

This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.

Tip

This extension extends and can be used with the following extension category:

• envoy.tls.certificate_mappers

This extension must be configured with one of the following type URLs:

• type.googleapis.com/envoy.extensions.transport_sockets.tls.cert_mappers.sni.v3.SNI

extensions.transport_sockets.tls.cert_mappers.sni.v3.SNI

[extensions.transport_sockets.tls.cert_mappers.sni.v3.SNI proto]

Uses the SNI value from the TLS client hello as the secret resource name.

{
  "default_value": ...
}

default_value

(string, REQUIRED) The value to use as the secret name when SNI is empty or absent.