
Secure Production Identity Framework for Everyone
A universal identity control plane for distributed systems
New! SPIFFE and SPIRE are now graduated projects of the Cloud Native Computing Foundation
What is SPIFFE?
SPIFFE, the Secure Production Identity Framework For Everyone, provides a secure identity, in the form of a specially crafted X.509 certificate, to every workload in a modern production environment. SPIFFE removes the need for application-level authentication and complex network-level ACL configuration.



What is SPIRE?
SPIRE, the SPIFFE Runtime Environment, is an extensible system that implements the principles embodied in the SPIFFE standards. SPIRE manages platform and workload attestation, provides an API for controlling attestation policies, and coordinates certificate issuance and rotation.

Who uses SPIFFE?
SPIFFE is currently used by a variety of projects that both issue and consume SPIFFE IDs.
Issuers
HashiCorp Consul
The Consul Connect service mesh uses the SPIFFE specification for establishing service identities, enabling Consul Connect services to connect with other SPIFFE-compliant systems.
cert-manager CSI driver
csi-driver-spiffe is a cert-manager project that delivers SPIFFE-compliant X.509-SVIDs to Kubernetes Pods using CSI, based on the identity of the mounting ServiceAccount.
Consumers
The Envoy proxy
Customers can use SPIFFE IDs to establish mTLS connections between Envoy proxies.
The Ghostunnel proxy
Customers can use SPIFFE IDs to establish mTLS connections between Ghostunnel proxies, which have built-in support for obtaining X.509-SVID identities via the SPIFFE Workload API.
