Secure Production Identity Framework for Everyone
Inspired by Google and others, SPIFFE is a set of open-source standards for securely identifying software systems in dynamic and heterogeneous production environments.
What is SPIFFE?
SPIFFE (Secure Production Identity Framework For Everyone) provides a secure identity, in the form of a specially crafted X.509 certificate, to every workload in a modern production environment. SPIFFE removes the need for application-level authentication and authorization and for complex network-level ACL configuration.
The SPIFFE standards are the result of a number of CNCF participants and other interested parties coming together to propose a common method for services to present and authorize their identities to one another.
SPIFFE is still in its early implementation stages and not yet ready for production deployment - you can help out by contributing. The work on SPIFFE and SPIRE is being coordinated by the employees of Scytale.
All SPIFFE standards and SPIRE components are available under the Apache 2.0 license.
SPIRE, the SPIFFE Runtime Environment, is an extensible system that implements the principles embodied in the SPIFFE standards. SPIRE manages platform and workload attestation, provides an API for controlling attestation policies, and coordinates certificate issuance and rotation.
Istio Auth is the security component of the broader Istio platform. It incorporates the lessons learned from securing millions of microservice endpoints in Google’s production environment.