spiffe.io Open in urlscan Pro
2a05:d014:275:cb00:ce75:162:d945:5f34  Public Scan

Form analysis
0 forms found in the DOM

Text Content

Get SPIRE Documentation

Blog




Secure Production Identity Framework for Everyone

A universal identity control plane for distributed systems

Secure microservices communication automatically with Envoy, X.509 PKI, or JWT

Authenticate securely to common databases or platforms without passwords or API
keys

Build, bridge, and extend service mesh across organizations without sharing keys

New to SPIFFE and SPIRE? Learn the basics in 10 minutes.





What is SPIFFE?

SPIFFE, the Secure Production Identity Framework For Everyone, provides a secure
identity, in the form of a specially crafted X.509 certificate, to every
workload in a modern production environment. SPIFFE removes the need for
application-level authentication and complex network-level ACL configuration. •
Read more




--------------------------------------------------------------------------------

What is SPIRE?

SPIRE, the SPIFFE Runtime Environment, is an extensible system that implements
the principles embodied in the SPIFFE standards. SPIRE manages platform and
workload attestation, provides an API for controlling attestation policies, and
coordinates certificate issuance and rotation. • Read more



In this book, security experts and SPIFFE community members provide a deep
understanding of the identity problem and how to solve it. • Read more



Who uses SPIFFE?

SPIFFE is currently used by a variety of projects that both issue and consume
SPIFFE IDs.



ISSUERS


THE SPIRE PROJECT

SPIRE is an open-source toolchain that implements the SPIFFE specification in a
wide variety of environments Read more



ISTIO

The Istio control plane issues SPIFFE IDs for all workloads Read more



HASHICORP CONSUL

The Consul Connect service mesh uses the SPIFFE specification for establishing
service identities, enabling Consul Connect services to connect with other
SPIFFE-compliant systems Read more



KUMA

Kuma automatically generates SPIFFE-compatible certificates that identify all
the services and workloads running in the service mesh, and encrypts all the
traffic generated between them Read more



CERT-MANAGER CSI DRIVER

csi-driver-spiffe is a cert-manager project that delivers SPIFFE compliant
X.509-SVIDs to Kubernetes Pods using CSI, based on the identity of the mounting
ServiceAccount. Read more



CONSUMERS


THE ENVOY PROXY

Customers can use SPIFFE IDs to establish mTLS connections between Envoy proxies
Read more



PINTEREST KNOX

Customers can authenticate to Knox with SPIFFE IDs Read more



THE GHOSTUNNEL PROXY

Customers can use SPIFFE IDs to establish mTLS connections between Ghostunnel
proxies with built-in support for obtaining X.509-SVID identities via the SPIFFE
Workload API Read more


SPIFFE and SPIRE are Cloud Native Computing Foundation incubation projects

--------------------------------------------------------------------------------

Community

Blog Twitter GitHub Slack StackOverflow YouTube

© 2022 The SPIFFE authors