Secure Production Identity Framework for Everyone

Inspired by Google and others, SPIFFE is a set of open-source standards for securely identifying software systems in dynamic and heterogeneous production environments

What is SPIFFE?

SPIFFE (Secure Production Identity Framework For Everyone) provides a secure identity, in the form of a specially crafted x509 certificate, to every workload in a modern production environment. SPIFFE removes the need for application-level authentication and authorization and complex network-level ACL configuration.

Learn More


What is SPIRE?

SPIRE, the SPIFFE Runtime Environment, is an extensible system that implements the principles embodied in the SPIFFE standards. SPIRE manages platform and workload attestation, provides an API for controlling attestation policies, and coordinates certificate issuance and rotation.

Learn More


Project information

The SPIFFE standards are the result of a number of CNCF participants and other interested parties coming together to propose a common method for services to present and authorize their identities to one another.

SPIRE is still in its early implementation stages and not yet ready for production deployment - you can help out by contributing. The work on SPIRE is being coordinated by the employees of Scytale.

All SPIFFE standards and SPIRE components are available under the Apache 2.0 license.

Getting started

If you're new to SPIFFE and SPIRE, take a look at their overviews here and here.

If you're interested in extending SPIRE or would like to contribute to its development, check out the community pages.