Skip to content

[GOLANG] expose generic secret to golang http filter #38702

New issue
New issue
Open
#38703
Open
[GOLANG] expose generic secret to golang http filter#38702
#38703
Labels
area/golangarea/sdsSDS relatedenhancementFeature requests. Not bugs or questions.
@hypnoce

Description

@hypnoce
hypnoce
opened on Mar 11, 2025

Title: expose generic secret to golang http filter

Description:
Among other things, Golang filter currently has access to filter state and dynamic metadata. Those are not ment to store secret.
Also, passing secret directly into the plugin config is not benefiting from envoy's SDS and other features around secrets. It also can leak secrets when dumping the configuration.

Proposed solution:

  • declare the secrets accessible from go plugin in the go plugin configuration.
  • introduce a SecretManager interface in the GO envoy SDK
  • wire the go SecretManager with C++ SecretManager, filtering on the exposed secrets

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/golangarea/sdsSDS relatedenhancementFeature requests. Not bugs or questions.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions