.. _envoy_v3_api_file_envoy/extensions/transport_sockets/alts/v3/alts.proto:

ALTS
====

.. _extension_envoy.transport_sockets.alts:


This extension may be referenced by the qualified name *envoy.transport_sockets.alts*

.. note::
  

  This extension is intended to be robust against both untrusted downstream and upstream traffic.


.. _envoy_v3_api_msg_extensions.transport_sockets.alts.v3.Alts:

extensions.transport_sockets.alts.v3.Alts
-----------------------------------------

`[extensions.transport_sockets.alts.v3.Alts proto] <https://github.com/envoyproxy/envoy/blob/e98e41a8e168af7acae8079fc0cd68155f699aa3/api/envoy/extensions/transport_sockets/alts/v3/alts.proto#L18>`_

Configuration for ALTS transport socket. This provides Google's ALTS protocol to Envoy.
https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security/

.. code-block:: json

  {
    "handshaker_service": "...",
    "peer_service_accounts": []
  }

.. _envoy_v3_api_field_extensions.transport_sockets.alts.v3.Alts.handshaker_service:

handshaker_service
  (`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The location of a handshaker service, this is usually 169.254.169.254:8080
  on GCE.
  
  
.. _envoy_v3_api_field_extensions.transport_sockets.alts.v3.Alts.peer_service_accounts:

peer_service_accounts
  (`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) The acceptable service accounts from peer, peers not in the list will be rejected in the
  handshake validation step. If empty, no validation will be performed.