package spiffe.workloadapi

Get desktop application:
View/edit binary Protocol Buffers messages

• rpc FetchX509SVID (X509SVIDRequest, stream X509SVIDResponse)

  workload.proto:10

  Fetch X.509-SVIDs for all SPIFFE identities the workload is entitled to, as well as related information like trust bundles and CRLs. As this information changes, subsequent messages will be streamed from the server.

  message X509SVIDRequest

  workload.proto:15

  The X509SVIDRequest message conveys parameters for requesting an X.509-SVID. There are currently no request parameters.

  (message has no fields)

  message X509SVIDResponse

  workload.proto:20

  The X509SVIDResponse message carries X.509-SVIDs and related information, including a set of global CRLs and a list of bundles the workload may use for federating with foreign trust domains.

  • repeated X509SVID svids = 1

    Required. A list of X509SVID messages, each of which includes a single X.509-SVID, its private key, and the bundle for the trust domain.

  • repeated bytes crl = 2

    Optional. ASN.1 DER encoded certificate revocation lists.

  • map<string, bytes> federated_bundles = 3

    Optional. CA certificate bundles belonging to foreign trust domains that the workload should trust, keyed by the SPIFFE ID of the foreign trust domain. Bundles are ASN.1 DER encoded.

The X509SVID message carries a single SVID and all associated information, including the X.509 bundle for the trust domain.

Used in: X509SVIDResponse

• string spiffe_id = 1

  Required. The SPIFFE ID of the SVID in this entry

• bytes x509_svid = 2

  Required. ASN.1 DER encoded certificate chain. MAY include intermediates, the leaf certificate (or SVID itself) MUST come first.

• bytes x509_svid_key = 3

  Required. ASN.1 DER encoded PKCS#8 private key. MUST be unencrypted.

• bytes bundle = 4

  Required. ASN.1 DER encoded X.509 bundle for the trust domain.