Hi @Dahnepfl,
Consul’s escape-hatch overrides could potentially be used to add JWT verification and processing to the inbound listeners for sidecar proxies.
Assuming you could get it to work, it would only apply to east-west traffic. Consul does not currently support installing escape hatch configurations on ingress gateways for north-south traffic (see hashicorp/consul#8722).
The escape hatch is the closest thing Consul has to Kuma’s Proxy Template or Istio’s EnvoyFilter resource; however, I would not consider it equivalent because it does not support match, patch or remove operations. Certain hatches require a full replacement of the target configuration, whereas others are only able to add additional configuration at certain specified injection points.
We are open to improving the escape hatch to offer more flexibility like the ProxyTemplate or EnvoyFilter resources. I recommend filing a GitHub issue with details of your use case so that we can discuss and track this feature request.
Similarly to the escape hatch enhancements, we’re open to considering extending intentions to formally support JWT token auth. I’d also recommend commenting on the following GitHub issue with your use case so that our engineering team can review your requirements, and discuss how we might be able to support this.
Thanks.