spire

The SPIFFE Runtime Environment

Go to file

dependabot[bot] 4b1e80af5a Bump golang.org/x/sync from 0.16.0 to 0.17.0 (#6306 ) Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.16.0 to 0.17.0. - [Commits](https://github.com/golang/sync/compare/v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-version: 0.17.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>		2025-09-24 11:05:22 -07:00
.data	Commit dummy file to .data dir to keep it present in source control	2017-12-29 10:22:53 -08:00
.github	Add some retries to curl calls (#6195 )	2025-07-17 17:01:27 +01:00
cmd	Reduce node fetch dependancy for RPCs (#6176 )	2025-09-04 20:01:33 +01:00
conf	EKS node membership validation in aws_iid (#5969 )	2025-09-11 19:33:25 +01:00
doc	Plugin docs: linkify references to related plugins (#6323 )	2025-09-19 10:59:26 +01:00
examples	Add markdown lint (#3494 )	2022-11-22 12:39:30 -07:00
pkg	Some improvements to registration manager test (#6304 )	2025-09-19 07:58:49 +01:00
proto	Bump google.golang.org/protobuf from 1.36.7 to 1.36.8 (#6271 )	2025-08-27 23:31:21 -07:00
release	Remove some k8s-workload-registrar vestiges (#4466 )	2023-09-01 12:16:23 -06:00
script	Source binaries for linux artifacts from docker images (#4491 )	2023-09-13 16:35:29 -07:00
support/oidc-discovery-provider	docs: update CONTRIBUTING.md and README.md for OIDC discovery provider (#6296 )	2025-09-03 12:27:50 +01:00
test	Bump SPIRE to v1.13.2 (#6328 )	2025-09-18 14:40:30 -07:00
.dockerignore	Add arm64 support for linux images (#3607 )	2023-01-09 19:20:40 -03:00
.envrc.example	[direnv] Add basic .envrc.example (#4747 )	2024-01-03 14:21:16 -03:00
.gitattributes	Solve unit tests to work in windows and posix (#2655 )	2022-01-11 10:21:47 -03:00
.gitignore	[direnv] Add basic .envrc.example (#4747 )	2024-01-03 14:21:16 -03:00
.go-version	Upgrade to go 1.25.1 (#6329 )	2025-09-22 10:04:20 -07:00
.golangci.yml	golangci-lint: upgrade to v2 & fix flakey test (#6064 )	2025-07-04 16:14:29 -03:00
.markdownlint.yaml	Add markdown lint (#3494 )	2022-11-22 12:39:30 -07:00
.spire-tool-versions	Update go to 1.25.0 (#6288 )	2025-08-31 16:42:21 +01:00
ADOPTERS.md	added AccuKnox as adopter (#5326 )	2024-08-04 01:36:49 -03:00
CHANGELOG.md	Bump SPIRE to v1.13.2 (#6328 )	2025-09-18 14:40:30 -07:00
CODE-OF-CONDUCT.md	Add markdown lint (#3494 )	2022-11-22 12:39:30 -07:00
CODEOWNERS	Introduce Sorin Dumitru as a CODEOWNER (#5827 )	2025-01-30 18:36:31 -03:00
CONTRIBUTING.md	docs: update CONTRIBUTING.md and README.md for OIDC discovery provider (#6296 )	2025-09-03 12:27:50 +01:00
Dockerfile	Update to Go 1.24.4 (#6119 )	2025-06-10 09:35:39 -03:00
Dockerfile.dev	Update to Ubuntu 24.04 base dev image image. (#5936 )	2025-03-10 20:29:31 +00:00
Dockerfile.windows	Remove k8s-workload-registrar (#3853 )	2023-02-13 07:08:30 -07:00
LICENSE	edit Spire license info so GitHub recognizes it	2018-03-29 11:45:36 -07:00
MAINTAINERS.md	Spelling and grammar fixes (#5571 )	2024-11-04 16:18:44 -07:00
Makefile	golangci-lint: upgrade to v2 & fix flakey test (#6064 )	2025-07-04 16:14:29 -03:00
README.md	Fix broken links (#6280 )	2025-08-28 13:27:00 +01:00
RELEASING.md	Spelling and grammar fixes (#5571 )	2024-11-04 16:18:44 -07:00
ROADMAP.md	Update Roadmap (#3824 )	2023-02-16 17:13:58 -08:00
SECURITY.md	Update golangci-lint and Markdown linter (#4440 )	2023-08-17 11:53:17 -03:00
go.mod	Bump golang.org/x/sync from 0.16.0 to 0.17.0 (#6306 )	2025-09-24 11:05:22 -07:00
go.sum	Bump golang.org/x/sync from 0.16.0 to 0.17.0 (#6306 )	2025-09-24 11:05:22 -07:00

README.md

SPIRE (the SPIFFE Runtime Environment) is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms. SPIRE exposes the SPIFFE Workload API, which can attest running software systems and issue SPIFFE IDs and SVIDs to them. This in turn allows two workloads to establish trust between each other, for example by establishing an mTLS connection or by signing and verifying a JWT token. SPIRE can also enable workloads to securely authenticate to a secret store, a database, or a cloud provider service.

Get SPIRE
Learn about SPIRE
Integrate with SPIRE
Contribute to SPIRE
Further Reading
Security

SPIRE is a graduated project of the Cloud Native Computing Foundation (CNCF). If you are an organization that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF.

Get SPIRE

Pre-built releases of SPIRE can be found at https://github.com/spiffe/spire/releases. These releases contain both SPIRE Server and SPIRE Agent binaries.
Container images are published for spire-server, spire-agent, and oidc-discovery-provider.
Alternatively, you can build SPIRE from source.

Learn about SPIRE

Before trying SPIRE, it's a good idea to learn about its architecture and design goals.
Once ready to get started, see the Quickstart Guides for Kubernetes, Linux, and MacOS.
There are several examples demonstrating SPIRE usage in the spire-examples and spire-tutorials repositories.
Check ADOPTERS.md for a list of production SPIRE adopters, a view of the ecosystem, and use cases.
See the SPIRE Roadmap for a list of planned features and enhancements.
Join the SPIFFE community on Slack. If you have any questions about how SPIRE works, or how to get it up and running, the best places to ask questions are the SPIFFE Slack channels.
Download the free book about SPIFFE and SPIRE, "Solving the Bottom Turtle."

Integrate with SPIRE

See Extend SPIRE to learn about the highly extensible SPIRE plugin framework.
Officially maintained client libraries for interacting with the SPIFFE Workload API are available in Go and Java. See SPIFFE Library Usage Examples for a full list of official and community libraries, as well as code samples.
SPIRE provides an implementation of the Envoy Secret Discovery Service (SDS) for use with Envoy Proxy. SDS can be used to transparently install and rotate TLS certificates and trust bundles in Envoy. See Using SPIRE with Envoy for more information.

For supported integration versions, see Supported Integrations.

Contribute to SPIRE

The SPIFFE community maintains the SPIRE project. Information on the various SIGs and relevant standards can be found in https://github.com/spiffe/spiffe.

See CONTRIBUTING to get started.
Use GitHub Issues to request features or file bugs.
See GOVERNANCE for SPIFFE and SPIRE governance policies.

Security

Security Assessments

A third party security firm (Cure53) completed a security audit of SPIFFE and SPIRE in February of 2021. Additionally, the CNCF Technical Advisory Group for Security conducted two assessments on SPIFFE and SPIRE in 2018 and 2020. Please find the reports and supporting material, including the threat model exercise results, below.

Reporting Security Vulnerabilities

If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at security@spiffe.io. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.