The Secure Production Identity Framework For Everyone (SPIFFE) Project defines a framework and set of standards for identifying and securing communications between web-based services. At its heart, SPIFFE is:
-
A standard defining how services identify themselves to each other. These are called SPIFFE IDs and are implemented as Uniform Resource Identifiers (URIs).
-
A standard for encoding SPIFFE IDs in a cryptographically-verifiable document called a SPIFFE Verifiable Identity Document or SVIDs.
-
An API specification for issuing and/or retrieving SVIDs. This is the Workload API.
The SPIFFE Project is also producing a reference implementation that, in addition to the above, will:
- Perform node and workload attestation.
- Implement a signing framework for securely issuing and renewing SVIDs.
- Provide an API for registering nodes and workloads, along with their designated SPIFFE IDs.
SPIFFE is hosted by the Cloud Native Computing Foundation (CNCF) as a sandbox level project. If you are an organization that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF. For details read the CNCF announcement.
- Secure Production Identity Framework for Everyone (SPIFFE)
- The SPIFFE Identity and Verifiable Identity Document
- The X.509 SPIFFE Verifiable Identity Document
- The JWT SPIFFE Verifiable Identity Document
- The SPIFFE Trust Domain and Bundle
- The SPIFFE Workload Endpoint
- The SPIFFE Workload API
- spiffe: This repository includes the SPIFFE ID, SVID and Workload API specifications, example code, and tests, as well as project governance, policies, and processes.
- spire: This is a reference implementation of SPIFFE and the SPIFFE Workload API that can be run on and across varying hosting environments.
- go-spiffe: Golang client libraries.
- Slack (Join here).
- [email protected] (View or join here).
- [email protected] (View or join here).
- [email protected] (View or join here).
Most community activity is organized into Special Interest Groups (SIGs), time-bounded working groups, and our monthly community-wide meetings. SIGs follow these guidelines, although each may operate differently depending on their needs and workflows. Each group's material can be found in the /community directory of this repository.
| Name | Leads | Group | Slack Channel | Meetings |
|---|---|---|---|---|
| Components | Oliver Liu (Google, Inc.) | Here | Here | Notes |
| Integration: AWS | Jon Debonis (Blend, Inc.) | Here | Here | Notes |
| Integration: gRPC | Lizan Zhou (Google, Inc.) | Here | Here | Notes |
| Integration: Kubernetes | Vipin Jain (Pensando, Inc.) & Tao Li (Google, Inc.) | Here | Here | Notes |
| Specification | Evan Gilman (Scytale, Inc.) | Here | Here | Notes |
Follow the SPIFFE Project You can find us on Github and Twitter.