The Secure Production Identity Framework For Everyone (SPIFFE) Project defines a framework and set of standards for identifying and securing communications between web-based services. At its heart, SPIFFE is:
- A standard defining how services identify themselves to each other. These identifiers are called SPIFFE IDs and are implemented as Uniform Resource Identifiers (URIs).
- A standard for encoding SPIFFE IDs in a cryptographically-verifiable document called a SPIFFE Verifiable Identity Document (SVID).
- An API specification for issuing and/or retrieving SVIDs. This is the Workload API.
The SPIFFE Project is also producing a reference implementation that, in addition to the above, will:
- Perform node and workload attestation.
- Implement a signing framework for securely issuing and renewing SVIDs.
- Provide an API for registering nodes and workloads, along with their designated SPIFFE IDs.
SPIFFE is hosted by the Cloud Native Computing Foundation (CNCF) as a sandbox-level project. If you are an organization that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF. For details, read the CNCF announcement.
- Secure Production Identity Framework for Everyone (SPIFFE)
- The SPIFFE Identity and Verifiable Identity Document
- The X.509 SPIFFE Verifiable Identity Document
- The JWT SPIFFE Verifiable Identity Document
- The SPIFFE Workload Endpoint
- The SPIFFE Workload API
- spiffe: This repository includes the SPIFFE ID, SVID and Workload API specifications, example code, and tests, as well as project governance, policies, and processes.
- spire: This is a reference implementation of SPIFFE and the SPIFFE Workload API that can be run on and across varying hosting environments.
- spiffe-examples: Examples and demonstrations.
- go-spiffe: Golang client libraries.
- Slack (Join here).
- firstname.lastname@example.org (View or join here).
- email@example.com (View or join here).
- firstname.lastname@example.org (View or join here).
Most community activity is organized into Special Interest Groups (SIGs), time-bounded working groups, and our monthly community-wide meetings. SIGs follow these guidelines, although each may operate differently depending on their needs and workflows. Each group's material can be found in the /sigs directory of this repository.
| Components | Oliver Liu (Google, Inc.) | Here | Here | Notes |
| Integration: AWS | Jon Debonis (Blend, Inc.) | Here | Here | Notes |
| Integration: gRPC | Lizan Zhou (Google, Inc.) | Here | Here | Notes |
| Integration: Kubernetes | Vipin Jain (Pensando, Inc.) & Tao Li (Google, Inc.) | Here | Here | Notes |
| Specification | Evan Gilman (Scytale, Inc.) | Here | Here | Notes |