The Secure Production Identity Framework For Everyone (SPIFFE) Project defines a framework and set of standards for identifying and securing communications between web-based services. At its heart, SPIFFE is:
-
A standard defining how services identify themselves to each other. These are called SPIFFE IDs and are implemented as Uniform Resource Identifiers (URIs).
-
A standard for encoding SPIFFE IDs in a cryptographically-verifiable document called a SPIFFE Verifiable Identity Document or SVIDs.
-
An API specification for issuing and/or retrieving SVIDs. This is the Workload API.
The SPIFFE Project is also producing a reference implementation that, in addition to the above, will:
- Perform node and workload attestation.
- Implement a signing framework for securely issuing and renewing SVIDs.
- Provide an API for registering nodes and workloads, along with their designated SPIFFE IDs.
- Secure Production Infrastructure Framework for Everyone (SPIFFE)
- The SPIFFE Identity and Verifiable Identity Document
- The X.509 SPIFFE Verifiable Identity Document
- The Workload API (WIP)
- spiffe: This repository includes the SPIFFE ID, SVID and Workload API specifications, example code, and tests, as well as project governance, policies, and processes.
- spire: This is a reference implementation of SPIFFE and the SPIFFE Workload API that can be run on and accross varying hosting environments.
- spiffe-examples: Examples and demonstrations.
- go-spiffe: Golang client libraries.
- Slack (Join here).
- [email protected] (View or join here).
- [email protected] (View or join here).
- [email protected] (View or join here).
Most community activity is organized into Special Interest Groups (SIGs), time-bounded working groups, and our monthly community-wide meetings. SIGs follow these guidelines, although each may operate differently depending on their needs and workflows. Each group's material can be found in the /sigs directory of this repository.
Name | Leads | Group | Slack Channel | Meetings |
---|---|---|---|---|
Components | Oliver Liu (Google, Inc.) | Here | Here | Notes |
Integration: AWS | Jon Debonis (Blend, Inc.) | Here | Here | Notes |
Integration: gRPC | Lizan Zhou (Google, Inc.) | Here | Here | Notes |
Integration: Kubernetes | Vipin Jain (Pensando, Inc.) & Tao Li (Google, Inc.) | Here | Here | Notes |
Specification | Evan Gilman (Scytale, Inc.) | Here | Here | Notes |
Follow the SPIFFE Project You can find us on Github and Twitter.