SPIFFE SPIRE - ghdrako/doc_snipets GitHub Wiki

SPIFFE is a specification for implementing identity for workloads, and SPIRE is the code that implements this specification in practice. Together, the projects create a standardized, secure way to identify software services and authenticate them.

SPIFFE

Secure Production Identity Framework For Everyone (SPIFFE) is a specification for workload identity. SPIFFE dictates the standard methods to prove and validate the identity of a service.

There are three key components in SPIFFE.

  • SPIFFE specifies that services identify themselves with a SPIFFE ID, which is defined as a URI of the form spiffe://trust-domain-name/path.
  • These IDs are then encoded into a SPIFFE Verifiable Identity Document, or SVID. An SVID is not a document format of its own; instead, the SPIFFE ID is carried in one of two existing formats, an X.509 certificate or a JWT.
  • SPIFFE specifies a workload API that issues and rotates these SVIDs, along with the keys needed to validate them.
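The following Go program is an added example (not code from the wiki page or from the SPIRE project) showing the first two components above: it validates the spiffe://trust-domain-name/path shape of a SPIFFE ID, and it extracts and re-validates that ID from an X.509-SVID, where the standard places it in the certificate's URI Subject Alternative Name. The validator implements the character and segment rules of the SPIFFE ID standard as the author of this example understands them (lowercase trust domain, no port/userinfo/query/fragment, no empty or dot path segments); the function names, the self-signed test certificate and the sample ID spiffe://example.org/ns/default/sa/web are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"strings"
	"time"
)

// SPIFFEID is the parsed form of spiffe://trust-domain-name/path.
type SPIFFEID struct {
	TrustDomain string
	Path        string // starts with "/", or is empty for a trust-domain-only ID
}

func (id SPIFFEID) String() string { return "spiffe://" + id.TrustDomain + id.Path }

// Trust domains are lowercase letters, digits, '.', '-' and '_';
// path segments additionally allow uppercase letters.
func trustDomainChar(r rune) bool {
	return (r >= 'a' && r <= 'z') || (r >= '0' && r <= '9') || r == '.' || r == '-' || r == '_'
}

func pathChar(r rune) bool { return trustDomainChar(r) || (r >= 'A' && r <= 'Z') }

func allChars(s string, ok func(rune) bool) bool {
	for _, r := range s {
		if !ok(r) {
			return false
		}
	}
	return true
}

// ParseSPIFFEID checks the shape spiffe://trust-domain/path. It parses by hand
// rather than with net/url so that an uppercase scheme, userinfo, ports, query
// strings, fragments, empty or dot segments and trailing slashes are all rejected.
func ParseSPIFFEID(s string) (SPIFFEID, error) {
	const prefix = "spiffe://"
	if !strings.HasPrefix(s, prefix) {
		return SPIFFEID{}, errors.New("scheme must be lowercase spiffe://")
	}
	rest := s[len(prefix):]
	td, path := rest, ""
	if i := strings.IndexByte(rest, '/'); i >= 0 {
		td, path = rest[:i], rest[i:]
	}
	if td == "" || !allChars(td, trustDomainChar) {
		return SPIFFEID{}, fmt.Errorf("invalid trust domain %q", td)
	}
	if path != "" {
		for _, seg := range strings.Split(path[1:], "/") {
			if seg == "" || seg == "." || seg == ".." || !allChars(seg, pathChar) {
				return SPIFFEID{}, fmt.Errorf("invalid path segment %q in %q", seg, path)
			}
		}
	}
	return SPIFFEID{TrustDomain: td, Path: path}, nil
}

// IDFromCertificate extracts the SPIFFE ID from an X.509-SVID: the standard
// requires exactly one URI SAN, and that URI must be a valid SPIFFE ID.
func IDFromCertificate(cert *x509.Certificate) (SPIFFEID, error) {
	if len(cert.URIs) != 1 {
		return SPIFFEID{}, fmt.Errorf("expected exactly one URI SAN, got %d", len(cert.URIs))
	}
	return ParseSPIFFEID(cert.URIs[0].String())
}

// NewTestSVID builds a short-lived, self-signed leaf certificate carrying id as
// its URI SAN. Constructed for this example only: a real X.509-SVID is issued by
// the SPIRE server through the workload API, not self-signed by the workload.
func NewTestSVID(id SPIFFEID) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	u, err := url.Parse(id.String())
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example svid"},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour), // SVIDs are short-lived and rotated
		KeyUsage:     x509.KeyUsageDigitalSignature,
		URIs:         []*url.URL{u},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	id, _ := ParseSPIFFEID("spiffe://example.org/ns/default/sa/web")
	cert, _ := NewTestSVID(id)
	got, err := IDFromCertificate(cert)
	fmt.Println("SPIFFE ID from X.509-SVID:", got, "trust domain:", got.TrustDomain, "err:", err)
}
```

A relying party would normally go one step further than this example and, after verifying the certificate chain against the trust bundle obtained from the workload API, compare got.TrustDomain with its own trust domain before honouring the identity.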

SPIRE

SPIRE is the code that implements the SPIFFE specification. SPIRE, the “flagship SPIFFE implementation,” is a true end-to-end instantiation of SPIFFE: it securely issues SVIDs, renews SVIDs and performs attestation, among other functions. If SPIFFE defines what a passport is, then SPIRE is the agency that issues the passports.