Skip to content
main
Switch branches/tags
Code

SPIFFE Logo

The Secure Production Identity Framework For Everyone (SPIFFE) Project defines a framework and set of standards for identifying and securing communications between application services. At its core, SPIFFE is:

  • A standard defining how services identify themselves to each other. These are called SPIFFE IDs and are implemented as Uniform Resource Identifiers (URIs).

  • A standard for encoding SPIFFE IDs in a cryptographically-verifiable document called a SPIFFE Verifiable Identity Document or SVIDs.

  • An API specification for issuing and/or retrieving SVIDs. This is the Workload API.

The SPIFFE Project has a reference implementation, the SPIRE (the SPIFFE Runtime Environment), that in addition to the above, it:

  • Performs node and workload attestation.

  • Implements a signing framework for securely issuing and renewing SVIDs.

  • Provides an API for registering nodes and workloads, along with their designated SPIFFE IDs.

  • Provides and manages the rotation of keys and certs for mutual authentication and encryption between workloads.

  • Simplifies access from identified services to secret stores, databases, services meshes and cloud provider services.

  • Interoperability and federation to SPIFFE compatible systems across heterogeneous environments and administrative trust boundaries.

SPIFFE is hosted by the Cloud Native Computing Foundation (CNCF) as an incubation-level project. If you are an organization that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF. For details read the CNCF announcement.

SPIFFE Standards

Getting Started

  • spiffe: This repository includes the SPIFFE ID, SVID and Workload API specifications, example code, and tests, as well as project governance, policies, and processes.
  • spire: This is a reference implementation of SPIFFE and the SPIFFE Workload API that can be run on and across varying hosting environments.
  • go-spiffe: Golang client libraries.
  • java-spiffe: Java client libraries

Communications

Contribute

SIGs & Working Groups

Most community activity is organized into Special Interest Groups (SIGs), time-bounded working groups, and our monthly community-wide meetings. SIGs follow these guidelines, although each may operate differently depending on their needs and workflows. Each group's material can be found in the /community directory of this repository.

Name Lead Group Slack Channel Meetings
SIG-Community Umair Khan (HPE) Here Here Notes
SIG-Spec Evan Gilman (VMware) Here Here Notes
SIG-SPIRE Andres Vega (VMware) | Daniel Feldman (HPE) Here Here Notes

Follow the SPIFFE Project You can find us on Github and Twitter.

SPIFFE SSC

The SPIFFE Steering Committee meets on a regular cadence to review project progress, address maintainer needs, and provide feedback on strategic direction and industry trends. Community members interested in joining this call can find details below.

To contact the SSC privately, please send an email to ssc@spiffe.io.