https://spiffe.io/blog/ News, deep dives, and updates from the maintainers and community behind SPIFFE and SPIRE. en-us Thu, 16 Jun 2022 00:00:00 +0000 https://spiffe.io/blog/2022-06-16-hardening-istio-security-with-spire/ Thu, 16 Jun 2022 00:00:00 +0000Nathalia Satie Gomazako https://spiffe.io/blog/2022-06-16-hardening-istio-security-with-spire/ Integrating SPIRE with Istio brings uniform, SPIFFE-based identity to service meshes by letting Envoy's Secret Discovery Service consume SPIRE identities. https://spiffe.io/blog/2022-05-20-spire-now-runs-on-windows/ Fri, 20 May 2022 00:00:00 +0000Agustín Martínez Fayó https://spiffe.io/blog/2022-05-20-spire-now-runs-on-windows/ SPIRE 1.3.0 adds experimental support for running the Server and Agent on Windows, extending workload identity beyond Linux with a Windows workload attestor. https://spiffe.io/blog/2021-12-20-enabling-authenticated-communication-for-serverless-workloads-with-spire/ Mon, 20 Dec 2021 00:00:00 +0000Agustín Martínez Fayó https://spiffe.io/blog/2021-12-20-enabling-authenticated-communication-for-serverless-workloads-with-spire/ Serverless platforms can't run a SPIRE Agent next to the workload. The SVIDStore plugin fixes this by pushing X.509-SVIDs to stores like AWS Secrets Manager. https://spiffe.io/blog/2020-09-25-scrutinizing-spire-to-sensibly-strengthen-spiffe-security-part-two/ Fri, 25 Sep 2020 00:00:00 +0000Matt Moyer https://spiffe.io/blog/2020-09-25-scrutinizing-spire-to-sensibly-strengthen-spiffe-security-part-two/ Part two scores and ranks attacks on SPIRE by impact and likelihood, finding the biggest risks stem from its centralized signing, plus low-effort mitigations. https://spiffe.io/blog/2020-09-25-scrutinizing-spire-security/ Fri, 25 Sep 2020 00:00:00 +0000Matt Moyer https://spiffe.io/blog/2020-09-25-scrutinizing-spire-security/ Part one of a security analysis of the SPIFFE Runtime Environment (SPIRE): its architecture, security properties, and a threat model for assessing attacks. https://spiffe.io/blog/2020-06-22-spiffe-spire-move-to-cncf-incubation-level-hosted-projects/ Mon, 22 Jun 2020 00:00:00 +0000Andrés Vega https://spiffe.io/blog/2020-06-22-spiffe-spire-move-to-cncf-incubation-level-hosted-projects/ SPIFFE and SPIRE have moved from CNCF sandbox to incubation level. A look at the milestones, from a security self-assessment to due diligence, behind the move. https://spiffe.io/blog/2020-06-18-spiffe-community-day-spring-2020/ Thu, 18 Jun 2020 00:00:00 +0000Umair M. Khan https://spiffe.io/blog/2020-06-18-spiffe-community-day-spring-2020/ A recap of Spring 2020 SPIFFE Community Day, the first held fully online, with 300+ attendees and deployment stories from ByteDance, Square, and Uber. https://spiffe.io/blog/2020-06-12-re-cap-spiffe-community-day-fall-2019/ Fri, 12 Jun 2020 00:00:00 +0000Umair M. Khan https://spiffe.io/blog/2020-06-12-re-cap-spiffe-community-day-fall-2019/ A recap of Fall 2019 SPIFFE Community Day (200+ attendees): TPM node attestation at Bloomberg, Hadoop workloads at Uber, and SPIRE-backed service meshes. https://spiffe.io/blog/2020-06-09-re-cap-spiffe-community-day-spring-2019/ Tue, 09 Jun 2020 00:00:00 +0000Umair M. Khan https://spiffe.io/blog/2020-06-09-re-cap-spiffe-community-day-spring-2019/ A recap of the May 2019 SPIFFE Community Day, hosted by Pinterest and Scytale: case studies from Uber and Square plus demos with Kubernetes, Envoy, and Istio. https://spiffe.io/blog/2020-06-08-re-cap-spiffe-community-day-fall-2018/ Mon, 08 Jun 2020 00:00:00 +0000Umair M. Khan https://spiffe.io/blog/2020-06-08-re-cap-spiffe-community-day-fall-2018/ A recap of SPIFFE's seventh Community Day (November 2018): project updates, demos, and talks from Pinterest, Square, and VMware, plus Federation and JWT-SVIDs.