You are browsing documentation for an outdated plugin version.
Configuration
This plugin is compatible with DB-less mode.
Compatible protocols
The TLS Metadata Headers plugin is compatible with the following protocols:
https
, grpcs
, tls
Parameters
Here's a list of all the parameters which can be used in this plugin's configuration:
-
string required
The name of the plugin, in this case
tls-metadata-headers
.- If using the Kong Admin API, Konnect API, declarative configuration, or decK files, the field is
name
. - If using the KongPlugin object in Kubernetes, the field is
plugin
.
- If using the Kong Admin API, Konnect API, declarative configuration, or decK files, the field is
-
string
The name or ID of the service the plugin targets. Set one of these parameters if adding the plugin to a service through the top-level
/plugins
endpoint. Not required if using/services/{serviceName|Id}/plugins
. -
string
The name or ID of the route the plugin targets. Set one of these parameters if adding the plugin to a route through the top-level
/plugins
endpoint. Not required if using/routes/{routeName|Id}/plugins
. -
boolean default:
true
Whether this plugin will be applied.
-
record required
-
boolean default:
false
Enables TLS client certificate metadata values to be injected into HTTP headers.
-
string required default:
X-Client-Cert
Define the HTTP header name used for the PEM format URL encoded client certificate.
-
string required default:
X-Client-Cert-Serial
Define the HTTP header name used for the serial number of the client certificate.
-
string required default:
X-Client-Cert-Issuer-DN
Define the HTTP header name used for the issuer DN of the client certificate.
-
string required default:
X-Client-Cert-Subject-DN
Define the HTTP header name used for the subject DN of the client certificate.
-
string required default:
X-Client-Cert-Fingerprint
Define the HTTP header name used for the SHA1 fingerprint of the client certificate.
-