New! SPIFFE and SPIRE are now graduated projects of the Cloud Native Computing Foundation

Universal identity control plane for distributed systems

SPIFFE and SPIRE provide strongly attested, cryptographic identities to workloads across a wide variety of platforms


SPIFFE and SPIRE provide a uniform identity control plane across modern and heterogeneous infrastructure. Software and application architectures have grown substantially and are now spread across virtual machines in public clouds and private data centers. The security models of the organizations that manage them must keep up with these infrastructure technologies, and this is where SPIFFE and SPIRE come in. With SPIFFE/SPIRE, developers and operators can build software using new infrastructure technologies, while security teams can step back from time-consuming security processes.

Key Use Cases

Secure microservices communication automatically with Envoy, X.509 PKI, or JWT

Authenticate securely to common databases or platforms without passwords or API keys

Build, bridge, and extend service mesh across organizations without sharing keys

Cross-service authentication for a zero trust security model

Bridging the gap between Kubernetes and other platforms

Integrations & Implementations

New to SPIFFE and SPIRE? Learn the basics in 10 minutes.

In this book, security experts and SPIFFE community members provide a deep understanding of the identity problem and how to solve it.

Deep Dive

SPIFFE, the Secure Production Identity Framework For Everyone, defines a framework and set of standards for identifying and securing communications between application services.
SPIRE (the SPIFFE Runtime Environment) is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms.


Enable defense in depth

Provide strongly attested identities to reduce the likelihood of breach through credential compromise

Reduce operational complexity

Consistent, automated management of identity reduces the burden on DevOps teams


Simplifies the technical aspects of full interoperability across multiple stacks

Compliance and auditability

Enables mutually authenticated TLS and multiple roots of trust to meet regulatory requirements

SPIFFE and SPIRE are graduated projects of the Cloud Native Computing Foundation