SPIRE is a production-ready implementation of the SPIFFE APIs that performs node and workload attestation in order to securely issue SVIDs to workloads, and verify the SVIDs of other workloads, based on a predefined set of conditions.
If you’d like to try out SPIRE on Linux, check out the Getting Started Guide for Linux. To get SPIRE running in a Kubernetes cluster, see the Getting Started Guide for Kubernetes. You can also head to the GitHub project.
SPIRE can be used in a wide variety of scenarios and to perform a wide variety of identity-related functions. Here are some examples:
- Secure authentication amongst services
- Secure introduction to secret stores such as Vault and Pinterest Knox
- Identity provisioning as the foundation of identity for sidecar proxies in a service mesh, such as Envoy
- Provisioning and rotation of the PKI used to authenticate the components of distributed systems