SPIRE, the SPIFFE Runtime Environment, is a toolchain for establishing trust between software systems across a wide variety of hosting platforms. Concretely, SPIRE exposes the SPIFFE Workload API, which can attest running software systems and issue SPIFFE IDs and SVIDs to them. This in turn allows two workloads to establish trust with each other, for example by establishing an mTLS connection or by signing and verifying a JWT token.
If you’d like to try out SPIRE on your machine, check out the Getting started with SPIRE guide, or head to the GitHub project.
SPIRE can be used in a wide variety of scenarios and to perform a wide variety of identity-related functions. Here are some examples:
Secure authentication amongst services
Secure introduction to secret stores such as Vault and Apache Knox
Identity provisioning as the foundation of identity for sidecar proxies in a service mesh, such as Envoy
Provisioning and rotation of the PKI used to authenticate the components of distributed systems