Skip to content
|
Plugin Hub
github-edit-pageEdit this page
report-issueReport an issue
header icon

TLS Metadata Headers Configuration

By Kong Inc.
You are browsing documentation for an outdated plugin version.

Configuration

This plugin is compatible with DB-less mode.

Compatible protocols

The TLS Metadata Headers plugin is compatible with the following protocols:

https, grpcs, tls

Parameters

Here's a list of all the parameters which can be used in this plugin's configuration:

  • name or plugin

    string required

    The name of the plugin, in this case tls-metadata-headers.

    • If using the Kong Admin API, Konnect API, declarative configuration, or decK files, the field is name.
    • If using the KongPlugin object in Kubernetes, the field is plugin.

  • service.name or service.id

    string

    The name or ID of the service the plugin targets. Set one of these parameters if adding the plugin to a service through the top-level /plugins endpoint. Not required if using /services/{serviceName|Id}/plugins.

  • route.name or route.id

    string

    The name or ID of the route the plugin targets. Set one of these parameters if adding the plugin to a route through the top-level /plugins endpoint. Not required if using /routes/{routeName|Id}/plugins.

  • enabled

    boolean default: true

    Whether this plugin will be applied.

  • config

    record required

    • inject_client_cert_details

      boolean default: false

      Enables TLS client certificate metadata values to be injected into HTTP headers.

    • client_cert_header_name

      string required default: X-Client-Cert

      Define the HTTP header name used for the PEM format URL encoded client certificate.

    • client_serial_header_name

      string required default: X-Client-Cert-Serial

      Define the HTTP header name used for the serial number of the client certificate.

    • client_cert_issuer_dn_header_name

      string required default: X-Client-Cert-Issuer-DN

      Define the HTTP header name used for the issuer DN of the client certificate.

    • client_cert_subject_dn_header_name

      string required default: X-Client-Cert-Subject-DN

      Define the HTTP header name used for the subject DN of the client certificate.

    • client_cert_fingerprint_header_name

      string required default: X-Client-Cert-Fingerprint

      Define the HTTP header name used for the SHA1 fingerprint of the client certificate.