The SPIFFE Runtime Environment
SPIRE (the SPIFFE Runtime Environment) is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms. SPIRE exposes the SPIFFE Workload API, which can attest running software systems and issue SPIFFE IDs and SVIDs to them. This in turn allows two workloads to establish trust between each other, for example by establishing an mTLS connection or by signing and verifying a JWT token. SPIRE can also enable workloads to securely authenticate to a secret store, a database, or a cloud provider service.
SPIRE is hosted by the Cloud Native Computing Foundation (CNCF) as an incubation-level project. If you are an organization that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF.
For supported integration versions, see Supported Integrations.
The SPIFFE community maintains the SPIRE project. Information on the various SIGs and relevant standards can be found in https://github.com/spiffe/spiffe.
The CNCF Special Interest Group for Security has conducted two assessments on SPIFFE and SPIRE design and configuration with respect to security. The following documents contain summary reports as well as the threat modeling material produced as part of the assessment:
If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at [email protected] We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.