This extension has the qualified name envoy.transport_sockets.alts.


This extension is intended to be robust against both untrusted downstream and upstream traffic.


This extension extends and can be used with the following extension categories:

This extension must be configured with one of the following type URLs:


[extensions.transport_sockets.alts.v3.Alts proto]

Configuration for the ALTS transport socket. This provides Google’s ALTS protocol to Envoy. The peer identity is stored in dynamic metadata under the namespace “envoy.transport_socket.peer_information” with the key “peer_identity”.

{
  "handshaker_service": ...,
  "peer_service_accounts": []
}

handshaker_service
(string, REQUIRED) The location of a handshaker service; this is usually on GCE.


peer_service_accounts
(repeated string) The acceptable service accounts of the peer. Peers not in the list will be rejected in the handshake validation step. If empty, no validation will be performed.
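Because an empty peer_service_accounts list disables peer validation, it is worth checking a configuration for it before deployment. The following is an added example, not part of the Envoy documentation or code base: a small Python check that walks an Envoy configuration in JSON form and reports ALTS transport sockets with an empty peer_service_accounts or a missing handshaker_service. The sample configuration, its handshaker address and its service account name are constructed placeholders, and find_alts_issues is a hypothetical helper name.

```python
import json

ALTS_NAME = "envoy.transport_sockets.alts"
ALTS_TYPE_SUFFIX = "extensions.transport_sockets.alts.v3.Alts"

# Constructed sample (not a real deployment): the cluster pins the peer service
# account, the listener filter chain leaves the list empty. All values are placeholders.
SAMPLE_CONFIG = json.loads("""
{"static_resources": {
  "clusters": [{"name": "backend", "transport_socket": {
    "name": "envoy.transport_sockets.alts",
    "typed_config": {
      "@type": "type.googleapis.com/envoy.extensions.transport_sockets.alts.v3.Alts",
      "handshaker_service": "handshaker.example.internal:8080",
      "peer_service_accounts": ["backend@example-project.iam.gserviceaccount.com"]}}}],
  "listeners": [{"name": "ingress", "filter_chains": [{"transport_socket": {
    "name": "envoy.transport_sockets.alts",
    "typed_config": {
      "@type": "type.googleapis.com/envoy.extensions.transport_sockets.alts.v3.Alts",
      "handshaker_service": "handshaker.example.internal:8080",
      "peer_service_accounts": []}}}]}]
}}
""")

def find_alts_issues(node, path="$"):
    """Walk a parsed Envoy config; return (path, problem) for each weak ALTS socket."""
    issues = []
    if isinstance(node, dict):
        cfg = node.get("typed_config")
        # An ALTS socket is recognised by its extension name or its proto type.
        if isinstance(cfg, dict) and (node.get("name") == ALTS_NAME
                or str(cfg.get("@type", "")).endswith(ALTS_TYPE_SUFFIX)):
            if not cfg.get("handshaker_service"):
                issues.append((path, "handshaker_service is required but missing"))
            if not cfg.get("peer_service_accounts"):
                issues.append((path, "peer_service_accounts empty: no peer validation"))
        for key, value in node.items():
            issues += find_alts_issues(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            issues += find_alts_issues(value, f"{path}[{i}]")
    return issues

if __name__ == "__main__":
    for where, problem in find_alts_issues(SAMPLE_CONFIG):
        print(f"{where}: {problem}")
```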