A brief introduction to SPIRE, the SPIFFE Runtime Environment

SPIRE is a production-ready implementation of the SPIFFE APIs that performs node and workload attestation in order to securely issue SVIDs to workloads, and verify the SVIDs of other workloads, based on a predefined set of conditions.

If you’d like to try out SPIRE on Linux, check out the Getting Started Guide for Linux. To get SPIRE running in a Kubernetes cluster, see the Getting Started Guide for Kubernetes. You can also head to the GitHub project.

Use cases

SPIRE can be used in a wide variety of scenarios and to perform a wide variety of identity-related functions. Here are some examples:

  • Secure authentication amongst services
  • Secure introduction to secret stores such as Vault and Pinterest Knox
  • Identity provisioning as the foundation of identity for sidecar proxies in a service mesh, such as Envoy
  • Provisioning and rotation of the PKI used to authenticate the components of distributed systems