Secure Production Identity Framework for Everyone

A universal identity control plane for distributed systems

Secure microservices communication automatically with Envoy, X.509 PKI, or JWT

Authenticate securely to common databases or platforms without passwords or API keys

Build, bridge, and extend service mesh across organizations without sharing keys

New to SPIFFE and SPIRE? Learn the basics in 10 minutes.


What is SPIFFE?

SPIFFE, the Secure Production Identity Framework For Everyone, provides a secure identity, in the form of a specially crafted X.509 certificate, to every workload in a modern production environment. SPIFFE removes the need for application-level authentication and complex network-level ACL configuration. • Read more

What is SPIRE?

SPIRE, the SPIFFE Runtime Environment, is an extensible system that implements the principles embodied in the SPIFFE standards. SPIRE manages platform and workload attestation, provides an API for controlling attestation policies, and coordinates certificate issuance and rotation. • Read more

In this book, security experts and SPIFFE community members provide a deep understanding of the identity problem and how to solve it. • Read more

Book cover

Who uses SPIFFE?

SPIFFE is currently used by a variety of projects that both issue and consume SPIFFE IDs.


Issuers

HashiCorp Consul

The Consul Connect service mesh uses the SPIFFE specification for establishing service identities, enabling Consul Connect services to connect with other SPIFFE-compliant systems Read more

Kuma

Kuma automatically generates SPIFFE-compatible certificates that identify all the services and workloads running in the service mesh, and encrypts all the traffic generated between them Read more

cert-manager CSI driver

csi-driver-spiffe is a cert-manager project that delivers SPIFFE compliant X.509-SVIDs to Kubernetes Pods using CSI, based on the identity of the mounting ServiceAccount. Read more

Consumers

SPIFFE and SPIRE are Cloud Native Computing Foundation incubation projects