SPIFFE (pronounced Spiffy) stands for Secure Production Identity Framework For Everyone. It’s an open-source workload identity framework that supports distributed systems deployed in on-premises, private cloud, and public cloud environments. It’s modeled after similar systems at Google, Netflix, and Twitter.
SPIRE (aka the SPIFFE Runtime Environment), is an open source SPIFFE implementation that allows organizations to enables organizations to provision, deploy, and manage SPIFFE identities throughout their heterogeneous production infrastructure.
Pinterest uses the framework to enable its open-source secret management service to “manage secrets in multi-tenant environments like Kubernetes,” wrote Jeremy Krach, a Pinterest software engineer, in a blog post.
And the Istio project, an open source microservices management platform, also uses SPIFFE as its workload identity framework, said Sunil James, CEO of Scytale, a startup that serves as SPIFFE’s primary maintainer.
Scytale, which launched earlier this year, also today announced it raised $3 million in seed funding with Bessemer Venture Partners leading the round.
James said the first SPIFFE meetup happened in a room in Los Gatos, California, in late 2016. Those present included engineers from Google, Docker, Twilio, Salesforce, Netflix, and Twitter.
“That’s where the magic happened,” he remembered. “It became very clear to me that this is something that is going to be very necessary for companies beyond these six.”
Now that CNCF has accepted the projects, the next step is to make them “dial tone,” James said.
“When you pick up the phone, that dial tone exists, but all you have to do is make a call,” James explained. “You don’t have to worry about all of the constructs that make it work. Our goal with SPIFFE and SPIRE is to deliver that kind of assurance and availability so if we have to scale to millions and billions of workloads, the architecture can scale seamlessly. And from a security standpoint we want to make it as robust and reliable as possible.”