The SPIFFE Project

Open source platform for X.509 certificate based service authentication and fine grained access control in dynamic infrastructures. Athenz supports provisioning and configuration (centralized authorization) use cases as well as serving/runtime (decentralized authorization) use cases.

VMware Secrets Manager is a lightweight secrets manager to protect your sensitive data. It’s perfect for edge deployments where energy and footprint requirements are strict—See more: https://vsecm.com/

Integrates Spiffe and Vault to have secretless authentication

Provides agent and server plugins for SPIRE to allow TPM 2-based node attestation.

HTTP/3-enable existing HTTP apps. Leverage HTTP3 native features and auto-enable workload identity (SPIFFE), AuthN (mTLS/x509, OIDC/Auth0-Okta), AuthZ (OPA), defense-in-depth (WAAP/WAF), and observability (metrics, logs, alerting, dashboard).

OPA-Envoy-SPIRE External Authorization Example.

vault-auth-spire is an authentication plugin for Hashicorp Vault which allows logging into Vault using a Spire provided SVID.

Tutorials about Cilium and SPIRE integration

SPIFFE based Kafka authentication

SPIFFE Federation the easy way

SPIKE is a lightweight secrets store that uses SPIFFE as its identity control plane. It protects your secrets and helps your ops, SREs, and sysadmins manage sensitive data securely with minimal overhead.

A gRPC based pub/sub messaging system

Provides agent and server plugins for SPIRE to allow Tailscale node attestation.

Demo to build Service Mesh on Kubernetese using Envoy as data plane and SPIRE and OPA as control plane.

An OpenStack-based SPIRE plugins

Demo of Kafka integrated with Envoy proxy sidecars and SPIRE on K8s

Kubernetes datastore plugin for SPIRE server

Proof of concept SPIFFE implementation that provides user SVIDs based on web SSO integration.