Need help with spire?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

844 Stars 216 Forks Apache License 2.0 4.7K Commits 197 Opened issues


The SPIFFE Runtime Environment

Services available


Need anything else?

Contributors list


CII Best Practices Build Status Coverage Status Go Report Card Slack Status

SPIRE (the SPIFFE Runtime Environment) is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms. SPIRE exposes the SPIFFE Workload API, which can attest running software systems and issue SPIFFE IDs and SVIDs to them. This in turn allows two workloads to establish trust between each other, for example by establishing an mTLS connection or by signing and verifying a JWT token. SPIRE can also enable workloads to securely authenticate to a secret store, a database, or a cloud provider service.

SPIRE is hosted by the Cloud Native Computing Foundation (CNCF) as an incubation-level project. If you are an organization that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF.


Learn about SPIRE

  • Before trying SPIRE, it's a good idea to learn about its architecture and design goals.
  • Once ready to get started, see the Quickstart Guides for Kubernetes, Linux, and MacOS.
  • There are several examples demonstrating SPIRE usage in the spire-examples and spire-tutorials repositories.
  • Check for a list of production SPIRE adopters, a view of the ecosystem, and use cases.
  • See the SPIRE Roadmap for a list of planned features and enhancements.
  • Join the SPIFFE community on Slack. If you have any questions about how SPIRE works, or how to get it up and running, the best places to ask questions are the SPIFFE Slack channels.
  • Download the free book about SPIFFE and SPIRE, "Solving the Bottom Turtle."

Integrate with SPIRE

For supported integration versions, see Supported Integrations.

Contribute to SPIRE

The SPIFFE community maintains the SPIRE project. Information on the various SIGs and relevant standards can be found in

Further Reading

  • The Scaling SPIRE guide covers design guidelines, recommendations, and deployment models.
  • For an explanation of how SPIRE compares to related systems such as secret stores, identity providers, authorization policy engines and service meshes see comparisons.


Security Assessments

The CNCF Special Interest Group for Security has conducted two assessments on SPIFFE and SPIRE design and configuration with respect to security. The following documents contain summary reports as well as the threat modeling material produced as part of the assessment:

Reporting Security Vulnerabilities

If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at [email protected] We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.