Golang library for SPIFFE support
dependabot[bot] 84a48c0bf4
Bump google.golang.org/grpc from 1.72.0 to 1.73.0 (#345)
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.72.0 to 1.73.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.72.0...v1.73.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.73.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-07 15:41:41 +00:00
.github Prepare to use GH merge queue (#339) 2025-04-09 06:30:37 -06:00
bundle Move code out of v2 directory (#337) 2025-04-09 06:03:49 -06:00
examples Move code out of v2 directory (#337) 2025-04-09 06:03:49 -06:00
federation Move code out of v2 directory (#337) 2025-04-09 06:03:49 -06:00
internal Move code out of v2 directory (#337) 2025-04-09 06:03:49 -06:00
logger Move code out of v2 directory (#337) 2025-04-09 06:03:49 -06:00
proto/spiffe/workload Move code out of v2 directory (#337) 2025-04-09 06:03:49 -06:00
spiffegrpc/grpccredentials Move code out of v2 directory (#337) 2025-04-09 06:03:49 -06:00
spiffeid Move code out of v2 directory (#337) 2025-04-09 06:03:49 -06:00
spiffetls Move code out of v2 directory (#337) 2025-04-09 06:03:49 -06:00
svid Move code out of v2 directory (#337) 2025-04-09 06:03:49 -06:00
workloadapi Move code out of v2 directory (#337) 2025-04-09 06:03:49 -06:00
.gitattributes Support building on Windows (#191) 2022-04-14 11:35:32 -03:00
.gitignore Fix some spiffetls typos (#204) 2022-12-02 12:16:58 -07:00
.golangci.yml Move code out of v2 directory (#337) 2025-04-09 06:03:49 -06:00
CHANGELOG.md Changelog for 2.5.0 (#326) 2025-01-31 13:43:36 -07:00
CODEOWNERS Add myself to CODEOWNERS (#167) 2021-06-28 15:35:02 -06:00
LICENSE Update license file to correct Apache 2.0 license (#146) 2021-06-28 15:13:22 -06:00
Makefile Move code out of v2 directory (#337) 2025-04-09 06:03:49 -06:00
README.md Fix invalid examples link in README.md (#342) 2025-05-08 13:43:28 +00:00
go.mod Bump google.golang.org/grpc from 1.72.0 to 1.73.0 (#345) 2025-07-07 15:41:41 +00:00
go.sum Bump google.golang.org/grpc from 1.72.0 to 1.73.0 (#345) 2025-07-07 15:41:41 +00:00

README.md

go-spiffe (v2)

This library provides a convenient Go API for working with SPIFFE.

It leverages the SPIFFE Workload API, providing high-level functionality that includes:

  • Establishing mutually authenticated TLS (mTLS) between workloads powered by SPIFFE.
  • Obtaining and validating X509-SVIDs and JWT-SVIDs.
  • Federating trust between trust domains using SPIFFE bundles.
  • Bundle management.

Documentation

See the Go Package documentation.

Quick Start

Prerequisites:

  1. Running SPIRE or another SPIFFE Workload API implementation.
  2. SPIFFE_ENDPOINT_SOCKET environment variable set to the address of the Workload API (e.g. unix:///tmp/agent.sock). Alternatively, the socket address can be provided programmatically.

To create an mTLS server:

listener, err := spiffetls.Listen(ctx, "tcp", "127.0.0.1:8443", tlsconfig.AuthorizeAny())

To dial an mTLS server:

conn, err := spiffetls.Dial(ctx, "tcp", "127.0.0.1:8443", tlsconfig.AuthorizeAny())

The client and server obtain X509-SVIDs and X.509 bundles from the SPIFFE Workload API. The X509-SVIDs are presented by each peer and authenticated against the X.509 bundles. Both sides continue to be updated with X509-SVIDs and X.509 bundles streamed from the Workload API (e.g. secret rotation).
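
The peer check described above, as an added standard-library sketch (not go-spiffe's own code): an X509-SVID is authenticated against a bundle, then its SPIFFE ID is authorized. The names issue and checkPeer and the example.org IDs are hypothetical. Passing "" accepts any authenticated ID, as tlsconfig.AuthorizeAny() does, while passing an ID pins the peer in the way the library's tlsconfig.AuthorizeID authorizer does.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// issue builds a constructed test certificate; a nil parent yields a self-signed bundle CA.
func issue(id string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	u, _ := url.Parse(id)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: id},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), URIs: []*url.URL{u},
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, parentKey = true, x509.KeyUsageCertSign, t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// checkPeer authenticates an X509-SVID against the bundle, then authorizes its ID ("" accepts any).
func checkPeer(svid *x509.Certificate, bundle *x509.CertPool, allowed string) (string, error) {
	if svid.IsCA || len(svid.URIs) != 1 || svid.URIs[0].Scheme != "spiffe" {
		return "", fmt.Errorf("not a leaf X509-SVID with exactly one spiffe:// URI SAN")
	}
	if _, err := svid.Verify(x509.VerifyOptions{Roots: bundle, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return "", fmt.Errorf("authentication failed: %w", err)
	}
	if id := svid.URIs[0].String(); allowed == "" || id == allowed {
		return id, nil
	}
	return "", fmt.Errorf("authenticated but not authorized: %s", svid.URIs[0])
}

func main() {
	ca, caKey := issue("spiffe://example.org", nil, nil)
	svid, _ := issue("spiffe://example.org/web", ca, caKey)
	bundle := x509.NewCertPool()
	bundle.AddCert(ca)
	fmt.Println(checkPeer(svid, bundle, "spiffe://example.org/db"))
}
```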

Examples

The examples directory contains rich examples for a variety of circumstances.