SPIFFE website screenshot

SPIFFE

Secure Production Identity Framework for Everyone (SPIFFE) is a set of open-source standards for securely identifying software systems in dynamic and heterogeneous environments through platform-agnostic, cryptographic identities. SPIFFE defines the SPIFFE ID URI format, the X.509 SVID and JWT SVID identity document formats, and the Workload API for issuing and rotating identities without secrets or passwords. SPIFFE is a graduated CNCF project.

4 APIs 0 Features
AuthenticationCloud NativeGraduatedIdentitySecurityZero Trust

APIs

SPIFFE Workload API

The SPIFFE Workload API is a gRPC streaming interface through which workloads request and receive SPIFFE Verifiable Identity Documents (SVIDs) including X.509-SVIDs and JWT-SVID...

SPIFFE X.509 SVID

The SPIFFE X.509 SVID (SPIFFE Verifiable Identity Document) is a standard for encoding SPIFFE identities into X.509 certificates. The Subject Alternative Name field carries the ...

SPIFFE JWT SVID

The SPIFFE JWT SVID standard defines a format for encoding SPIFFE identities as JSON Web Tokens. JWT-SVIDs are used in scenarios where X.509 certificates are not practical, such...

SPIFFE Federation API

The SPIFFE Federation API defines how SPIFFE trust domains exchange trust bundle information to enable cross-domain workload authentication. It specifies the SPIFFE Trust Domain...

Collections

Pricing Plans

Spiffe Plans Pricing

3 plans

PLANS

Rate Limits

Spiffe Rate Limits

5 limits

RATE LIMITS

FinOps

Spiffe Finops

FINOPS

Event Specifications

SPIFFE Workload API Events

The SPIFFE Workload API is a gRPC streaming interface through which workloads request and receive SPIFFE Verifiable Identity Documents (SVIDs) and trust bundle updates. Workload...

ASYNCAPI

Semantic Vocabularies

Spiffe Context

0 classes · 7 properties

JSON-LD

API Governance Rules

SPIFFE API Rules

7 rules · 4 errors 3 warnings

SPECTRAL

JSON Structure

Spiffe Svid Structure

0 properties

JSON STRUCTURE

Example Payloads

Resources

🔗
LinkedIn
LinkedIn
🔗
JSONSchema
JSONSchema
🔗
JSONLD
JSONLD
🔗
SpectralRules
SpectralRules
🔗
Vocabulary
Vocabulary
🔗
Website
Website
🔗
Documentation
Documentation
🚀
GettingStarted
GettingStarted
👥
GitHubOrganization
GitHubOrganization
👥
GitHubRepository
GitHubRepository
🔗
Community
Community
🔗
Slack
Slack
📰
Blog
Blog
🔗
Security
Security
👥
StackOverflow
StackOverflow

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: SPIFFE Federation Bundle Endpoint API
  version: '1.0'
items:
- info:
    name: Bundle
    type: folder
  items:
  - info:
      name: SPIFFE Get trust bundle
      type: http
    http:
      method: GET
      url: https://{trust-domain}/spiffe/v1/bundle
      headers:
      - name: Accept
        value: ''
    docs: Returns the current trust bundle for this SPIFFE trust domain as a JWKS (JSON Web Key Set) document. The trust bundle
      contains the root CA certificates that are used to validate X.509-SVIDs and JWT-SVIDs issued by this trust domain. Foreign
      SPIFFE implementations poll this endpoint to stay synchronized with trust bundle updates, enabling cross-domain workload
      authentication. The response is a standard JWKS document where each key entry represents a root CA certificate encoded
      as an X.509 certifi
bundled: true