diff --git a/agent/rpc/peering/stream_test.go b/agent/rpc/peering/stream_test.go
index d00080c44..e8568f727 100644
--- a/agent/rpc/peering/stream_test.go
+++ b/agent/rpc/peering/stream_test.go
@@ -633,6 +633,15 @@ func testStreamResources_Server_ServiceUpdates(t *testing.T, disableMeshGateways
 	lastIdx++
 	require.NoError(t, store.EnsureService(lastIdx, "foo", mysql.Service))
 
+	lastIdx++
+	require.NoError(t, store.EnsureService(lastIdx, "foo", &structs.NodeService{
+		ID:      "mysql-sidecar-proxy",
+		Service: "mysql-sidecar-proxy",
+		Kind:    structs.ServiceKindConnectProxy,
+		Port:    5000,
+		Proxy:   structs.ConnectProxyConfig{DestinationServiceName: "mysql"},
+	}))
+
 	var (
 		mongoSN      = structs.NewServiceName("mongo", nil).String()
 		mongoProxySN = structs.NewServiceName("mongo-sidecar-proxy", nil).String()
@@ -691,8 +700,14 @@ func testStreamResources_Server_ServiceUpdates(t *testing.T, disableMeshGateways
 			func(t *testing.T, msg *pbpeering.ReplicationMessage) {
 				require.Equal(t, pbpeering.TypeURLService, msg.GetResponse().ResourceURL)
 				require.Equal(t, mysqlProxySN, msg.GetResponse().ResourceID)
-				require.Equal(t, pbpeering.ReplicationMessage_Response_DELETE, msg.GetResponse().Operation)
-				require.Nil(t, msg.GetResponse().Resource)
+				require.Equal(t, pbpeering.ReplicationMessage_Response_UPSERT, msg.GetResponse().Operation)
+
+				var nodes pbservice.IndexedCheckServiceNodes
+				require.NoError(t, ptypes.UnmarshalAny(msg.GetResponse().Resource, &nodes))
+				require.Len(t, nodes.Nodes, 1)
+
+				svid := "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/mysql"
+				require.Equal(t, []string{svid}, nodes.Nodes[0].Service.Connect.PeerMeta.SpiffeID)
 			},
 		)
 	})
diff --git a/agent/rpc/peering/subscription_manager.go b/agent/rpc/peering/subscription_manager.go
index 5a48900b8..7e443e919 100644
--- a/agent/rpc/peering/subscription_manager.go
+++ b/agent/rpc/peering/subscription_manager.go
@@ -200,22 +200,23 @@ func (m *subscriptionManager) handleEvent(ctx context.Context, state *subscripti
 			return nil // ignore event
 		}
 
-		// Clear this raft index before exporting.
-		csn.Index = 0
+		sn := structs.ServiceNameFromString(strings.TrimPrefix(u.CorrelationID, subExportedProxyService))
+		spiffeID := connect.SpiffeIDService{
+			Host:       m.trustDomain,
+			Partition:  sn.PartitionOrDefault(),
+			Namespace:  sn.NamespaceOrDefault(),
+			Datacenter: m.config.Datacenter,
+			Service:    sn.Name,
+		}
+		peerMeta := &pbservice.PeeringServiceMeta{
+			SpiffeID: []string{spiffeID.URI().String()},
+		}
 
-		// // Flatten health checks
-		// for _, instance := range csn.Nodes {
-		// 	instance.Checks = flattenChecks(
-		// 		instance.Node.Node,
-		// 		instance.Service.ID,
-		// 		instance.Service.Service,
-		// 		instance.Service.EnterpriseMeta,
-		// 		instance.Checks,
-		// 	)
-		// }
-
-		// Scrub raft indexes
+		// skip checks since we just generated one from scratch
+		// Set peerMeta on all instances and scrub the raft indexes.
 		for _, instance := range csn.Nodes {
+			instance.Service.Connect.PeerMeta = peerMeta
+
 			instance.Node.RaftIndex = nil
 			instance.Service.RaftIndex = nil
 			if m.config.DisableMeshGatewayMode {
@@ -223,8 +224,8 @@ func (m *subscriptionManager) handleEvent(ctx context.Context, state *subscripti
 					chk.RaftIndex = nil
 				}
 			}
-			// skip checks since we just generated one from scratch
 		}
+		csn.Index = 0
 
 		id := proxyServicePayloadIDPrefix + strings.TrimPrefix(u.CorrelationID, subExportedProxyService)