.. _envoy_api_file_envoy/config/transport_socket/alts/v2alpha/alts.proto: ALTS ==== .. _extension_envoy.transport_sockets.alts: This extension may be referenced by the qualified name *envoy.transport_sockets.alts* .. note:: This extension is intended to be robust against both untrusted downstream and upstream traffic. .. _envoy_api_msg_config.transport_socket.alts.v2alpha.Alts: config.transport_socket.alts.v2alpha.Alts ----------------------------------------- `[config.transport_socket.alts.v2alpha.Alts proto] `_ Configuration for ALTS transport socket. This provides Google's ALTS protocol to Envoy. https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security/ .. code-block:: json { "handshaker_service": "...", "peer_service_accounts": [] } .. _envoy_api_field_config.transport_socket.alts.v2alpha.Alts.handshaker_service: handshaker_service (`string `_, *REQUIRED*) The location of a handshaker service, this is usually 169.254.169.254:8080 on GCE. .. _envoy_api_field_config.transport_socket.alts.v2alpha.Alts.peer_service_accounts: peer_service_accounts (`string `_) The acceptable service accounts from peer, peers not in the list will be rejected in the handshake validation step. If empty, no validation will be performed.