Community Presentations

Resources presented by the SPIFFE community

The following presentations, podcasts, and blog posts demonstrate how people have used SPIFFE and SPIRE to address complex software infrastructure challenges.

Introductions

These presentations are designed to give some background for those who are not familiar with SPIFFE and SPIRE.

 

Andrew and Evan offer a complete explanation of the SPIFFE and SPIRE architecture, including node and workload attestation, key management, and trust bundle rotation strategy.

Presented by Andrew Harding and Evan Gilman at SPIFFE Production Identity Day, KubeCon NA 2020 on 17-Nov-2020.

 

In this lightboard video Evan Gilman, an engineer at Scytale, provides an overview of CNCF’s SPIFFE and SPIRE Projects.

By Evan Gilman on 13-Feb-2020.

 

Kelsey gives a practical demonstration of how to leverage SPIFFE in your own applications.

Presented by Kelsey Hightower at SPIFFE Production Identity Day, KubeCon NA 2020 on 17-Nov-2020.

 

Presented by Andrew Jessup at KubeCon EU 2018 on 4-May-2019.

 
SPIFFE Project Intro (Scytale/HPE)

Presented by Andrew Jessup at KubeCon EU 2018 on 4-May-2019.

 
Zero-Trust Networks (Stripe, Scytale/HPE)

By Doug Barth & Evan Gilman on 22-October-2019.

 

By Evan Gilman in Software Engineering Daily on 14-November-2018.

 

Andrew and Andrés review the history of SPIFFE and SPIRE from 2016 to 2019 and showcase how applications can use SVIDs to interact with databases and cloud platforms.

Presented by Andrew Jessup and Andrés Vega at KubeCon NA 2019 on 19-Nov-2019.

 

Presented by Evan Gilman at KubeCon EU 2019 on 24-May-2019.

 

The first public presentation of the SPIFFE and SPIRE projects at KubeCon 2017.

Presented by Evan Gilman at KubeCon NA 2017 on 15-Dec-2017.

 
SPIFFE Overview (Scytale/HPE)

SPIFFE is the Secure Production Identity Framework for Everyone. Craig hates the name. Andrew Jessup, co-founder and VP of Product at Scytale (with a C), tells him and Adam why they should look past that and how Jason Bourne fits into the world of Cloud Native.

By Andrew Jessup on 21-March-2019.

 

Presented by Madhukesh Wali at East Bay Cloud Native Meetup on 25-Nov-2018.

 

Joe Beda gives a background on the motivation behind SPIFFE and SPIRE, and then livestreams installing it onto a Kubernetes cluster.

Presented by Joe Beda at TGI Kubernetes on 18-Oct-2019.

 
SPIFFE & SPIRE panel (VMware, Scytale, Google, Amalgam Insights, QAware)

Presented by Krishna Ganugapati, Andrew Jessup, Maya Kaczorowski, Tom Petrocelli, Andreas Zitzelsberger at KubeCon Europe on 10-May-2018.

Case Studies

These presentations from end-users of SPIFFE and SPIRE showcase how the projects are being used in practice.

 

Mat describes the principal benefits of migrating from a homegrown service identity issuer to SPIFFE, showing what the team learned in this process.

Presented by Mat Byczkowski at SPIFFE Production Identity Day, KubeCon NA 2020 on 17-Nov-2020.

 

Presented by Frederick Kautz at SPIFFE Production Identity Day, KubeCon NA 2020 on 17-Nov-2020.

 
SPIFFE at GitHub (GitHub)

Eric explains how SPIRE is used at GitHub, giving implementation details about agent operation and custom node selectors, making use of the platform-agnostic characteristic of SPIRE.

Presented by Eric Lee at SPIFFE Production Identity Day, KubeCon NA 2020 on 17-Nov-2020.

 

This session provides an overview of how Uber uses SPIFFE and SPIRE for workload authentication in a diverse deployment environment.

Presented by Andrew Moore at SPIFFE Production Identity Day, KubeCon NA 2020 on 17-Nov-2020.

 

Jonathan and Levani explain how SPIFFE and Envoy are used to secure Kafka's client-broker communication by solving common problems such as certificate distribution at large scale.

Presented by Jonathan Oddy and Levani Kokhreidze at SPIFFE Production Identity Day, KubeCon NA 2020 on 17-Nov-2020.

 

Paul gives a brief description of how Parsec can make use of SPIFFE identities to support multitenancy.

Presented by Paul Howard at SPIFFE Production Identity Day, KubeCon NA 2020 on 17-Nov-2020.

 

Doron describes a proof-of-concept (POC) that replaces the Istio identity issuing mechanism with SPIRE.

Presented by Doron Chen at SPIFFE Production Identity Day, KubeCon NA 2020 on 17-Nov-2020.

 

Andreas from QAWare explains how they used SPIRE as the foundation of a secure workload identity management system for a client.

Presented by Andreas Zitzelsberger at KubeCon EU 2018 on 4-May-2018.

 

Presented by Tyler Julian at KubeCon EU 2019 on 24-May-2019.

 

Presented by Matthew McPherrin at SPIFFE Community Day on 3-May-2019.

 

By Jeremy Krach on 23-March-2019.

 

Presented by Charles Strahan at SPIFFE Community Day on 11-October-2019.

 

How to use CNCF's SPIFFE and SPIRE projects along with other Cloud Native technologies to build a solid foundation for operating Zero Trust security models.

Presented by Bobby Samuels, Frederick Kautz, Emiliano Berenbaum, and Madhu Wali at Cloud Native Computing Foundation Webinar on 29-Apr-2020.

 

How the TransferWise financial services company is using SPIRE to move away from shared secrets and easily establish strong trust between software systems running across different domains

Presented by Jonathan Oddy at SPIFFE Community Day on 24-Apr-2020.

 

Why ByteDance decided to use SPIRE and how they are deploying SPIRE

Presented by Eli Nesterov at SPIFFE Community Day on 24-Apr-2020.

 

How Square deployed SPIRE and Envoy on a bare metal/multicloud hybrid environment

Presented by Matthew McPherrin at SPIFFE Community Day on 24-Apr-2020.

 

A brief overview of how GitHub is using SPIRE

Presented by Eric Lee at SPIFFE Community Day on 24-Apr-2020.

 

A brief overview of how doc.ai and Anthem are implementing zero-trust authentication using SPIRE

Presented by Frederick Kautz, Bobby Samuel at SPIFFE Community Day on 24-Apr-2020.

 

A brief overview of how Frontdoor is using SPIRE

Presented by Domingo Kiser at SPIFFE Community Day on 24-Apr-2020.

 

A brief overview of how the open source project Network Service Mesh is integrating SPIFFE/SPIRE

Presented by Ed Warnicke at SPIFFE Community Day on 24-Apr-2020.

Advanced Topics

 

Using a live demo, Andrey explains how an SGX workload attestor can improve the strength of application identities.

Presented by Andrey Brito at SPIFFE Production Identity Day, KubeCon NA 2020 on 17-Nov-2020.

 

Using a live demo, Andrey explains how an SGX workload attestor can improve the strength of application identities.

By Daniel Feldman on 10-Oct-2022.

 

Marcos presents the proposed design for the TPM Node Attestor and Adriane shows a demo on how this plugin is used.

Presented by Adriane Cardozo and Marcos Yedro at SPIFFE Production Identity Day, KubeCon NA 2020 on 17-Nov-2020.

 

Ash defines what OPA is, its main features, and gives a practical live demo using this tool along with SPIRE and OIDC.

Presented by Ash Narkar at SPIFFE Production Identity Day, KubeCon NA 2020 on 17-Nov-2020.

 

In this talk the CRD for a SPIFFE ID is presented, along with its leading motivations in the context of using SPIRE in the NGINX Service Mesh Architecture.

Presented by Faisal Memon at SPIFFE Production Identity Day, KubeCon NA 2020 on 17-Nov-2020.

 

Ruide shows how to improve SPIRE by adding auditability of the issued SVIDs.

Presented by Ruide Zhang at SPIFFE Production Identity Day, KubeCon NA 2020 on 17-Nov-2020.

 

Evan and Oliver discuss how SPIFFE Federation works, and use it to show how SPIRE- and Istio-identified workloads can establish trust in each other.

Presented by Evan Gilman and Oliver Liu at KubeCon NA 2019 on 20-Nov-2019.

 

Presented by Andrew Harding at KubeCon NA 2019 on 20-Nov-2019.

 

In this deep dive, Tyler covers how SPIRE scales to meet the needs of hundreds of thousands of workloads. Despite a requirement for high, efficient throughput, the system must remain resilient in the face of failure.

Presented by Tyler Julian at KubeCon NA 2019 on 21-Nov-2019.

 

In this talk, Sabree demonstrates how to use Envoy proxy and SPIRE to protect your telemetry endpoints, in both push and pull use cases, utilizing fluentd, Prometheus, and OpenTracing & Jaeger.

Presented by Sabree Blackmon at KubeCon NA 2018 on 15-Dec-2018.

 

Presented by Max Lambrecht & Eugene Weiss at SPIFFE Community Day on 3-May-2019.

 

Presented by Spike Curtis at SPIFFE Community Day on 3-May-2019.

 

Presented by Tyler Dixon at SPIFFE Community Day on 3-May-2019.

 

Presented by Yonggang (Oliver) Liu & Wencheng Lu at KubeCon China on 5-July-2019.

 

Presented by Eugene Weiss at SPIFFE Community Day on 11-October-2019.

 

Presented by Peyton Walters at SPIFFE Community Day on 11-October-2019.

 

Presented by Agustín Martínez Fayó at SPIFFE Community Day on 11-October-2019.

 

Presented by Faisal Memon at SPIFFE Community Day on 11-October-2019.

 

How you can enable decoupled authentication and authorization with SPIRE and OPA using the go-spiffe v2 library

Presented by Ash Narkar at SPIFFE Community Day on 24-Apr-2020.

 

How to implement telemetry with SPIRE Agents deployed on over 10,000 nodes

Presented by Andrew Moore at SPIFFE Community Day on 24-Apr-2020.

 

This project leverages the service management capability of Istio and the secure identity framework of SPIRE to deliver robust and flexible attestation beyond Kubernetes namespaces and service accounts, and to provide end-to-end secure attestation of workloads based on zero trust principles, regardless of where those workloads run.

Presented by Alexandre Alvino, Caio Milfont, Juliano Fantozzi, Max Lambrecht, Praneetha Manthravadi at Munch and Learn, HPE on 29-Mar-2022.