QAT private key provider (proto)

This extension has the qualified name envoy.tls.key_providers.qat

Note

This extension is only available in contrib images.

Note

This extension is functional but has not had substantial production burn time, use only with this caveat.

This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.

Tip

This extension extends and can be used with the following extension category:

This message specifies how the private key provider is configured. The private key provider provides RSA sign and decrypt operation hardware acceleration.

extensions.private_key_providers.qat.v3alpha.QatPrivateKeyMethodConfig

[extensions.private_key_providers.qat.v3alpha.QatPrivateKeyMethodConfig proto]

{
  "private_key": {...},
  "poll_delay": {...}
}
private_key

(config.core.v3.DataSource) Private key to use in the private key provider. If set to inline_bytes or inline_string, the value needs to be the private key in PEM format.

poll_delay

(Duration, REQUIRED) How long to wait before polling the hardware accelerator after a request has been submitted there. Having a small value leads to quicker answers from the hardware but causes more polling loop spins, leading to potentially larger CPU usage. The duration needs to be set to a value greater than or equal to 1 millisecond.