Add SDS API for JWT

[minuyim]

Hello team,

I am currently using Envoy to inject credentials into HTTP request headers via the credential_injector_filter. According to the Envoy documentation (https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/credential_injector_filter), this filter retrieves credentials from secret and injects them into the headers.

Additionally, the SPIFFE Envoy JWT integration documentation (https://spiffe.io/docs/latest/microservices/envoy-jwt/readme/) provides a comprehensive explanation regarding workload JWTs and related concepts. However, it appears that the SPIRE does not currently offer a complete implementation of the SDS API required by the credential_injector_filter.

Implementing an SDS API endpoint in the SPIRE would allow Envoy to dynamically retrieve SPIFFE JWT and other credentials from SPIRE. This would enable automatic credential renewal and rotation without sidecar container,

Therefore, I kindly request that the team consider implementing the SDS API functionality needed to support the Envoy credential_injector_filter integration. This feature would greatly simplify integration between Envoy and SPIRE.

[sorindumitru]

Thanks for opening this @minuyim. We'll have a look to see if this is something that we can support.