Configuring envoy to forward mTLS identity to workload as http header

As a part of evulating consul as a service mesh, I’m trying to figure out how to forward the mTLS identity to the workload (for authorization purposes within the workload). Support for this was as far as I know added to envoy in version 1.11, but I can’t figure out how to configure this in consul. Relevant settings are set_current_client_cert_details and forward_client_cert_details.

@eoftedal - I’m trying to do exactly the same thing as you. Did you manage to find a way? I’m wondering if the only option is to fully define entire listener configs for envoy_public_listener_json and envoy_listener_json via the escape hatch