The SPIFFE Project

Open source platform for X.509 certificate based service authentication and fine grained access control in dynamic infrastructures. Athenz supports provisioning and configuration (centralized authorization) use cases as well as serving/runtime (decentralized authorization) use cases.

VMware Secrets Manager for Cloud-Native Apps is a lightweight secrets manager to protect your sensitive data. It’s perfect for edge deployments where energy and footprint requirements are strict—See more: https://vsecm.com/

Integrates Spiffe and Vault to have secretless authentication

Provides agent and server plugins for SPIRE to allow TPM 2-based node attestation.

HTTP/3-enable existing HTTP apps. Leverage HTTP3 native features and auto-enable workload identity (SPIFFE), AuthN (mTLS/x509, OIDC/Auth0-Okta), AuthZ (OPA), defense-in-depth (WAAP/WAF), and observability (metrics, logs, alerting, dashboard).

OPA-Envoy-SPIRE External Authorization Example.

vault-auth-spire is an authentication plugin for Hashicorp Vault which allows logging into Vault using a Spire provided SVID.

Tutorials about Cilium and SPIRE integration

SPIFFE based Kafka authentication

SPIFFE Federation the easy way

Demo to build Service Mesh on Kubernetese using Envoy as data plane and SPIRE and OPA as control plane.

Provides agent and server plugins for SPIRE to allow Tailscale node attestation.

A gRPC based pub/sub messaging system

An OpenStack-based SPIRE plugins

Kubernetes datastore plugin for SPIRE server

Demo of Kafka integrated with Envoy proxy sidecars and SPIRE on K8s

Demo to build Service Mesh on Kubernetes using Envoy as data plane and SPIRE as control plane.

Cloud Native Identity Management Showcase.