SPIFFE stands for the Secure Production Identity Framework For Everyone. The project aims to define a framework and standards for identifying and securing communications between app services.
According to its GitHub page, SPIFFE includes:
- SPIFFE IDs, implemented as Uniform Resource Identifiers, which define how services identify themselves to one another
- SPIFFE Verifiable Identity Documents (SVIDs), a standard for encoding SPIFFE IDs in a cryptographically verifiable document
- The Workload API, an API specification for issuing and/or retrieving SVIDs
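The SPIFFE ID is the piece every other component builds on, so it is worth seeing the URI rules enforced in code. The following Go program is an added example, not code from the SPIFFE or SPIRE projects: it parses a `spiffe://` URI into its trust domain and path and rejects the forms the SPIFFE-ID standard forbids (ports, userinfo, query strings, fragments, uppercase in the trust domain, empty or `.`/`..` path segments). The sample IDs in `main` are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// maxSPIFFEIDLen is the byte limit the SPIFFE-ID standard places on an ID.
const maxSPIFFEIDLen = 2048

// SPIFFEID holds the two components of a parsed spiffe:// URI.
type SPIFFEID struct {
	TrustDomain string // e.g. "example.org"
	Path        string // e.g. "/ns/prod/sa/web"; empty for the trust-domain ID itself
}

// String re-serialises the ID in canonical form.
func (id SPIFFEID) String() string {
	return "spiffe://" + id.TrustDomain + id.Path
}

// MemberOf reports whether the ID belongs to the given trust domain.
func (id SPIFFEID) MemberOf(trustDomain string) bool {
	return id.TrustDomain == trustDomain
}

// Trust-domain characters: lowercase letters, digits, '.', '-' and '_'.
func isTrustDomainChar(c byte) bool {
	return (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '.' || c == '-' || c == '_'
}

// Path characters additionally permit uppercase letters.
func isPathChar(c byte) bool {
	return (c >= 'A' && c <= 'Z') || isTrustDomainChar(c)
}

// ParseSPIFFEID checks s against the SPIFFE-ID grammar and returns its parts.
// The character sets, the ban on dot segments, and the absence of userinfo,
// port, query and fragment are the rules of the SPIFFE-ID standard.
func ParseSPIFFEID(s string) (SPIFFEID, error) {
	if len(s) > maxSPIFFEIDLen {
		return SPIFFEID{}, errors.New("spiffe id exceeds 2048 bytes")
	}
	const prefix = "spiffe://"
	if !strings.HasPrefix(s, prefix) {
		return SPIFFEID{}, errors.New("scheme must be spiffe://")
	}
	rest := s[len(prefix):]

	// Everything before the first '/' is the trust domain.
	td, path := rest, ""
	if i := strings.IndexByte(rest, '/'); i >= 0 {
		td, path = rest[:i], rest[i:]
	}
	if td == "" {
		return SPIFFEID{}, errors.New("trust domain is empty")
	}
	for i := 0; i < len(td); i++ {
		if !isTrustDomainChar(td[i]) {
			// ':' (port), '@' (userinfo), '?' (query) and '#' (fragment) all end up here.
			return SPIFFEID{}, fmt.Errorf("trust domain contains bad character %q", td[i])
		}
	}

	// Each path segment must be non-empty, must not be "." or "..", and must use only path characters.
	if path != "" {
		for _, seg := range strings.Split(path[1:], "/") {
			if seg == "" {
				return SPIFFEID{}, errors.New("path contains an empty segment")
			}
			if seg == "." || seg == ".." {
				return SPIFFEID{}, errors.New("path contains a dot segment")
			}
			for i := 0; i < len(seg); i++ {
				if !isPathChar(seg[i]) {
					return SPIFFEID{}, fmt.Errorf("path contains bad character %q", seg[i])
				}
			}
		}
	}
	return SPIFFEID{TrustDomain: td, Path: path}, nil
}

func main() {
	// Constructed sample IDs: the first two are valid, each of the rest breaks one rule.
	for _, s := range []string{
		"spiffe://example.org/ns/prod/sa/web",
		"spiffe://example.org",
		"spiffe://Example.org/web",       // uppercase in trust domain
		"spiffe://example.org:8443/web",  // port
		"spiffe://example.org/ns/../web", // dot segment
		"spiffe://example.org/web/",      // trailing slash is an empty segment
		"spiffe://example.org/web?x=1",   // query string
		"https://example.org/web",        // wrong scheme
	} {
		id, err := ParseSPIFFEID(s)
		if err != nil {
			fmt.Printf("%-36s reject: %v\n", s, err)
			continue
		}
		fmt.Printf("%-36s ok: trust domain=%s path=%s\n", s, id.TrustDomain, id.Path)
	}
}
```

The parser deliberately avoids `net/url`, which would percent-decode and otherwise normalise the string; a SPIFFE ID is compared byte for byte, so the check has to operate on the raw text.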
The project also has a reference implementation called the SPIFFE Runtime Environment (SPIRE), which performs node and workload attestation, implements a signing framework, provides an API for registering nodes and workloads, and provides and manages the rotation of keys and certificates for mutual authentication and encryption.
The project is currently hosted by the Cloud Native Computing Foundation as an incubation-level project.
“The underpinning of zero trust is authenticated identity,” Andrew Harding, SPIRE maintainer and principal software engineer at Hewlett Packard Enterprise, said when the project joined the CNCF. “SPIFFE standardizes how cryptographic, immutable identity is conveyed to a workload. SPIRE leverages SPIFFE to help organizations automatically authenticate and deliver these identities to workloads spanning cloud and on-premise environments. CNCF has long understood the transformational value of these projects to the cloud native ecosystem, and continues to serve as a great home for our growing community.”