Workload Identity

SPIFFE / SPIRE

A standard for giving running workloads cryptographic identities without pre-provisioned secrets. SPIFFE defines the identity (a SPIFFE ID and its SVID document); SPIRE is the reference implementation that attests workloads and issues short-lived X.509 or JWT SVIDs for zero-trust mTLS.

Flows

Workload SVID Issuance (X.509)
How a workload obtains a cryptographic identity (an X.509-SVID) with no pre-provisioned secret — via SPIRE node attestation and workload attestation — and uses it for mTLS.
9 steps →

Flows

Workload SVID Issuance (X.509)