Recently completed
- API and Plugin SDKs for Integration authors
- Expand support of TPM node attestation to provide first-class verification and identification of TPM metadata (New!)
- Support for using Cert-Manager as an upstream authority to SPIRE (New!)
- AWS Support: Support for using AWS KMS to store signing keys, Support for internet-restricted environments (New!)
- Support for using GCP Certificate Authority Service as an upstream authority (New!)
Near-Term and Medium-Term
- Provide a turn-key Kubernetes experience that adheres to security best practices (In Progress)
- Use SPIRE on workloads running on platforms where installing an agent is not possible (In Progress, likely v1.1)
- Provide a privileged API on SPIRE Agent to delegate SVID management to platform integrators (In Progress)
- Provide an API on SPIRE Server to allow programmatic configuration of federation relationships
- Support for supply chain provenance attestation by verification of binary signing (e.g. TUF/notary/in-toto metadata validation)
- Secretless authentication to Google Compute Platform by expanding OIDC Federation integration support
Long-Term
- Key Revocation and Forced Rotation
- Ensure error messages are indicative of a direction towards resolution
- Improve health-check subsystem
- Secretless authentication to Microsoft Azure by expanding OIDC Federation integration support
Credits
Thank you to @anjaltelang for helping the SPIRE team keep this roadmap accurate and up-to-date 🎉