Append a Request Header value from a Secret

[arkodg]

No description provided.

[arkodg]

there doesnt seem to be a way to read a header value from sds config source
today https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/base.proto#envoy-v3-api-msg-config-core-v3-headervalueoption

will need something like https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/config_source.proto#config-core-v3-configsource to implement this

[mathetake]

alternatively simply EG can read the secret and use the plain header mutation?

[arkodg]

The value will be exposed in the config dump which is not desirable

[mathetake]

yeah though i imagine people capable of dumping configs == people having access to secrets?

[arkodg]

that may not be the case, app devs (xRoute creators) may also hold sensitive info they may not want to share with infra admins (managing EG infra) like basic auth keys, API keys.
This is especially true in a managed offering of EG