The SPIFFE Project
APACHE-2.0 License
The Secure Production Identity Framework For Everyone (SPIFFE) Project defines a framework and set of standards for identifying and securing communications between application services. At its core, SPIFFE is:
A standard defining how services identify themselves to each other. These are called SPIFFE IDs and are implemented as Uniform Resource Identifiers (URIs).
A standard for encoding SPIFFE IDs in a cryptographically-verifiable document called a SPIFFE Verifiable Identity Document or SVIDs.
An API specification for issuing and/or retrieving SVIDs. This is the Workload API.
The SPIFFE Project has a reference implementation, the SPIRE (the SPIFFE Runtime Environment), that in addition to the above, it:
Performs node and workload attestation.
Implements a signing framework for securely issuing and renewing SVIDs.
Provides an API for registering nodes and workloads, along with their designated SPIFFE IDs.
Provides and manages the rotation of keys and certs for mutual authentication and encryption between workloads.
Simplifies access from identified services to secret stores, databases, services meshes and cloud provider services.
Interoperability and federation to SPIFFE compatible systems across heterogeneous environments and administrative trust boundaries.
SPIFFE is a graduated project of the Cloud Native Computing Foundation (CNCF). If you are an organization that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF.
Most community activity is organized into Special Interest Groups (SIGs), time-bounded working groups, and our monthly community-wide meetings. SIGs follow these guidelines, although each may operate differently depending on their needs and workflows. Each group's material can be found in the /community directory of this repository.
Name | Lead | Group | Slack Channel | Meetings |
---|---|---|---|---|
SIG-Community | Umair Khan (HPE) | Here | Here | Notes |
SIG-Spec | Evan Gilman (VMware) | Here | Here | Notes |
SIG-SPIRE | Daniel Feldman (HPE) | Here | Here | Notes |
Follow the SPIFFE Project You can find us on Github and Twitter.
The SPIFFE Steering Committee meets on a regular cadence to review project progress, address maintainer needs, and provide feedback on strategic direction and industry trends. Community members interested in joining this call can find details below.
To contact the SSC privately, please send an email to [email protected].