SPIFFE
Secure Production Identity Framework for Everyone (SPIFFE) is a set of open-source standards for securely identifying software systems in dynamic and heterogeneous environments through platform-agnostic, cryptographic identities. SPIFFE defines the SPIFFE ID URI format, the X.509 SVID and JWT SVID i
5 channels across 1 AsyncAPI spec
Channels
- Streaming channel for receiving JWT trust bundle updates. JWT bundles contain the public keys needed to validate JWT-SVIDs from all trust domains the workload is configured to federate with.
  SPIFFE Workload API Events
- Request-response channel for fetching a JWT-SVID for a specific audience. Unlike X.509 streaming, JWT-SVIDs are issued on demand with a short TTL and should be fetched fresh for each use. The workload
  SPIFFE Workload API Events
- Streaming channel for receiving the X.509 trust bundle set for all trust domains the workload needs to validate peer identities. This channel delivers the federation bundles from all configured federa
  SPIFFE Workload API Events
- Streaming channel through which workloads receive X.509-SVID identity documents. After the workload sends a request, the server streams back an initial bundle of all SVIDs the workload is authorized t
  SPIFFE Workload API Events
- Request-response channel for asking the SPIFFE implementation to validate a JWT-SVID on behalf of the workload. This allows workloads to delegate JWT validation to the SPIRE Agent rather than implemen
  SPIFFE Workload API Events