Key:         ClientCert,
			Description: "mTLS certificate for webhook authentication",
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
		},
		config.HelpKV{
			Key:         ClientKey,
			Description: "mTLS certificate key for webhook authentication",
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
		},
		config.HelpKV{
			Key:         BatchSize,

		if crypto.SSECopy.IsRequested(header) {
			clientKey, err = crypto.SSECopy.ParseHTTP(header)
			if err != nil {
				return opts, err
			}
			if sse, err = encrypt.NewSSEC(clientKey[:]); err != nil {
				return opts, err
			}
			opts.ServerSideEncryption = encrypt.SSECopy(sse)
			return opts, err
		}
		return opts, err
	}

	if crypto.SSEC.IsRequested(header) {
		clientKey, err = crypto.SSEC.ParseHTTP(header)

		},
		Subject:       "test",
		Secure:        true,
		CertAuthority: path.Join("testdata", "contrib", "certs", "root_ca_cert.pem"),
		ClientCert:    path.Join("testdata", "contrib", "certs", "nats_client_cert.pem"),
		ClientKey:     path.Join("testdata", "contrib", "certs", "nats_client_key.pem"),
	}

	con, err := clientConfig.connectNats()
	if err != nil {
		t.Errorf("Could not connect to nats: %v", err)
	}
	defer con.Close()

		},
		Extensions: make(map[string]string),
	}, nil
}

func validateClientKeyIsTrusted(c ssh.ConnMetadata, clientKey ssh.PublicKey) (err error) {
	if globalSFTPTrustedCAPubkey == nil {
		return errors.New("public key authority validation requested but no ca public key specified.")
	}

	cert, ok := clientKey.(*ssh.Certificate)
	if !ok {
		return errSftpPublicKeyWithoutCert
	}

	TLSHandshakeFirst bool      `json:"tlsHandshakeFirst"`
	Secure            bool      `json:"secure"`
	CertAuthority     string    `json:"certAuthority"`
	ClientCert        string    `json:"clientCert"`
	ClientKey         string    `json:"clientKey"`
	PingInterval      int64     `json:"pingInterval"`
	QueueDir          string    `json:"queueDir"`
	QueueLimit        uint64    `json:"queueLimit"`
	JetStream         struct {

			Enable:     enabled,
			Endpoint:   *url,
			Transport:  transport,
			AuthToken:  env.Get(authEnv, kv.Get(target.WebhookAuthToken)),
			ClientCert: env.Get(clientCertEnv, kv.Get(target.WebhookClientCert)),
			ClientKey:  env.Get(clientKeyEnv, kv.Get(target.WebhookClientKey)),
		}
		if err = webhookArgs.Validate(); err != nil {
			return nil, err
		}
		webhookTargets[k] = webhookArgs
	}
	return webhookTargets, nil

	UserAgent   string            `json:"userAgent"`
	Endpoint    *xnet.URL         `json:"endpoint"`
	AuthToken   string            `json:"authToken"`
	ClientCert  string            `json:"clientCert"`
	ClientKey   string            `json:"clientKey"`
	BatchSize   int               `json:"batchSize"`
	QueueSize   int               `json:"queueSize"`
	QueueDir    string            `json:"queueDir"`
	MaxRetry    int               `json:"maxRetry"`

		TCPOptions:       globalTCPOptions,
		EnableHTTP2:      false,
	}

	if clientCert != "" && clientKey != "" {
		ctx, cancel := context.WithTimeout(context.Background(), time.Second)
		defer cancel()
		transport, err := s.NewHTTPTransportWithClientCerts(ctx, clientCert, clientKey)
		if err != nil {

			CertAuthority:     env.Get(certAuthorityEnv, kv.Get(target.NATSCertAuthority)),
			ClientCert:        env.Get(clientCertEnv, kv.Get(target.NATSClientCert)),
			ClientKey:         env.Get(clientKeyEnv, kv.Get(target.NATSClientKey)),
			Token:             env.Get(tokenEnv, kv.Get(target.NATSToken)),
			NKeySeed:          env.Get(nKeySeedEnv, kv.Get(target.NATSNKeySeed)),

			Value: strconv.Itoa(int(cfg.QueueLimit)),
		},
		config.KV{
			Key:   target.WebhookClientCert,
			Value: cfg.ClientCert,
		},
		config.KV{
			Key:   target.WebhookClientKey,
			Value: cfg.ClientKey,
		},
	}

	return nil
}

// SetNotifyPostgres - helper for config migration from older config.
func SetNotifyPostgres(s config.Config, psqName string, cfg target.PostgreSQLArgs) error {