Secure Production Identity Framework for Everyone

Inspired by the production infrastructure of Google and others, SPIFFE is a set of open-source standards for securely identifying software systems in dynamic and heterogeneous environments.

What is SPIFFE?

SPIFFE (Secure Production Identity Framework For Everyone) provides a secure identity, in the form of a specially crafted X.509 certificate, to every workload in a modern production environment. SPIFFE removes the need for application-level authentication and complex network-level ACL configuration. Learn More

Project Information

The SPIFFE standards are the result of a number of CNCF participants and other interested parties coming together to propose a common method for services to present and authorize their identities to one another.

SPIFFE is still in its early implementation stages and not yet ready for production deployment - you can help out by contributing. The work on SPIFFE and SPIRE is being coordinated by the employees of Scytale.

All SPIFFE standards and SPIRE components are available under the Apache 2.0 license.

Getting Started

If you're new to SPIFFE and SPIRE, take a look at their overviews here and here.

If you're interested in extending SPIRE or would like to contribute to its development, check out the community pages.

SPIFFE Implementations


SPIRE, the SPIFFE Runtime Environment, is an extensible system that implements the principles embodied in the SPIFFE standards. SPIRE manages platform and workload attestation, provides an API for controlling attestation policies, and coordinates certificate issuance and rotation.

Learn More

Istio Auth

Istio Auth is the security component of the broader Istio platform. It incorporates the learnings of securing millions of microservice endpoints in Google’s production environment.

Learn More