builder.Data(string(caDataSecret))
	} else {
		return parseTrustBundles(secretTyped, state)
	}

	secret, err := builder.Build()
	if err != nil {
		return []SecretItem{}, fmt.Errorf("error building secret: %v", err)
	}

	return []SecretItem{secret}, nil
}

func secretMetaFromCert(rawCert []byte, trustDomain string) (SecretMeta, error) {
	block, _ := pem.Decode(rawCert)

			Name:      testServiceAccountName,
			Namespace: testNamespace,
		},
	}

	for _, secret := range secrets {
		sa.Secrets = append(sa.Secrets, v1.ObjectReference{
			Name:      secret,
			Namespace: testNamespace,
		})
	}

	return sa
}

func makeSecret(name, caData, token string) *v1.Secret {
	out := &v1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:        name,
			Namespace:   testNamespace,

)

// printSecretItemsTabular prints the secret in table format
func (w *sdsWriter) printSecretItemsTabular(secrets []SecretItem) error {
	if len(secrets) == 0 {
		fmt.Fprintln(w.w, "No secret items to show.")
		return nil
	}
	var hasUnknownTrustDomain bool
	for _, secret := range secrets {
		if secret.SecretMeta.TrustDomain == "" {
			hasUnknownTrustDomain = true
			break
		}
	}

      "dynamic_active_secrets": [
        {
          "name": "default",
          "last_updated": "2023-05-15T01:32:52.262Z",
          "secret": {
            "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
            "name": "default",
            "tls_certificate": {
              "certificate_chain": {

      "dynamic_active_secrets": [
        {
          "name": "default",
          "last_updated": "2024-10-25T13:26:36.591Z",
          "secret": {
            "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
            "name": "default",
            "tls_certificate": {
              "certificate_chain": {

 * It features an <code>execute()</code> method, which triggers the Mojo's build-process behavior, and can throw
 * a MojoExecutionException or MojoFailureException if error conditions occur.<br>
 * Also included is the <code>setLog(...)</code> method, which simply allows Maven to inject a logging mechanism which
 * will allow the Mojo to communicate to the outside world through standard Maven channels.
 *
 */
@ThreadSafe
public interface Mojo {

	secretConfigCmd := &cobra.Command{
		Use:   "secret [<type>/]<name>[.<namespace>]",
		Short: "Retrieves secret configuration for the Envoy in the specified pod",
		Long:  `Retrieve information about secret configuration for the Envoy instance in the specified pod.`,
		Example: `  # Retrieve full secret configuration for a given pod from Envoy.
  istioctl proxy-config secret <pod-name[.namespace]>

			configDumpFile, err := os.Open(fmt.Sprintf("testdata/secret/%s/config_dump.json", tc.sds))
			if err != nil {
				t.Errorf("error opening test data file: %v", err)
			}
			defer configDumpFile.Close()
			configDump, err := io.ReadAll(configDumpFile)
			if err != nil {
				t.Errorf("error reading test data file: %v", err)
			}

			outFile, err := os.Open(fmt.Sprintf("testdata/secret/%s/output", tc.sds))
			if err != nil {

///

## Handle JWT tokens

Import the modules installed.

Create a random secret key that will be used to sign the JWT tokens.

To generate a secure random secret key use the command:

<div class="termy">

```console
$ openssl rand -hex 32

09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7
```

	MULA.W	R9, R6, R1, g      // ERROR "invalid .W suffix"
	MULS.S	R2, R3, R4, g      // ERROR "invalid .S suffix"

	STREX	R1, (R0)           // ERROR "illegal combination"
	STREX	(R1), R0           // ERROR "illegal combination"
	STREX	R1, (R0), R1       // ERROR "cannot use same register as both source and destination"
	STREX	R1, (R0), R0       // ERROR "cannot use same register as both source and destination"