The SPIFFE Project

Open source platform for X.509 certificate based service authentication and fine grained access control in dynamic infrastructures. Athenz supports provisioning and configuration (centralized authorization) use cases as well as serving/runtime (decentralized authorization) use cases.

VMware Secrets Manager is a lightweight secrets manager to protect your sensitive data. It’s perfect for edge deployments where energy and footprint requirements are strict—See more: https://vsecm.com/

Integrates Spiffe and Vault to have secretless authentication

Provides agent and server plugins for SPIRE to allow TPM 2-based node attestation.

HTTP/3-enable existing HTTP apps. Leverage HTTP3 native features and auto-enable workload identity (SPIFFE), AuthN (mTLS/x509, OIDC/Auth0-Okta), AuthZ (OPA), defense-in-depth (WAAP/WAF), and observability (metrics, logs, alerting, dashboard).

SPIKE is a lightweight secrets store that uses SPIFFE as its identity control plane. It protects your secrets and helps your ops, SREs, and sysadmins manage sensitive data securely with minimal overhead.

OPA-Envoy-SPIRE External Authorization Example.

vault-auth-spire is an authentication plugin for Hashicorp Vault which allows logging into Vault using a Spire provided SVID.

Tutorials about Cilium and SPIRE integration

SPIFFE based Kafka authentication

SPIFFE Federation the easy way

Provides agent and server plugins for SPIRE to allow Tailscale node attestation.

A CLI for Kubernetes workload identity

Demo to build Service Mesh on Kubernetese using Envoy as data plane and SPIRE and OPA as control plane.

A gRPC based pub/sub messaging system

An OpenStack-based SPIRE plugins

Multi-Cluster Istio Service Mesh with SPIFFE/SPIRE Federation

Showcasing the potential of SPIFFE with real-life services