Generic Credential (proto)

This extension has the qualified name envoy.http.injected_credentials.generic


This extension is functional but has not had substantial production burn time, use only with this caveat.

This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.


This extension extends and can be used with the following extension category:

This extension must be configured with one of the following type URLs:


This API feature is currently work-in-progress. API features marked as work-in-progress are not considered stable, are not covered by the threat model, are not supported by the security team, and are subject to breaking changes. Do not use this feature without understanding each of the previous points.


[extensions.http.injected_credentials.generic.v3.Generic proto]

Generic extension can be used to inject HTTP Basic Auth, Bearer Token, or any arbitrary credential into the proxied requests. The credential will be injected into the specified HTTP request header. Refer to [RFC 6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage]( for details.

  "credential": {...},
  "header": ...

(extensions.transport_sockets.tls.v3.SdsSecretConfig, REQUIRED) The SDS configuration for the credential that will be injected to the specified HTTP request header. It must be a generic secret.


(string) The header that will be injected to the HTTP request with the provided credential. If not set, filter will default to: Authorization