SPIFFE
Definition
SPIFFE (Secure Production Identity Framework for Everyone) is an open standard that defines how services are securely identified and authenticated in dynamic, heterogeneous environments. It specifies how cryptographic identities, each named by a SPIFFE ID such as spiffe://example.org/service, are issued to, managed for, and validated by services, so that workloads can communicate securely without relying on network-based security controls. SPIFFE is particularly useful in cloud-native environments, where services are ephemeral and distributed across multiple platforms.
Secure Settings Example
apiVersion: spiffe.io/v1
kind: WorkloadEntry
metadata:
  name: example-service
spec:
  spiffeId: spiffe://example.org/service
  selectors:
    - matchLabels:
        app: example-service
  ttl: 3600 # Bounded validity: the identity must be renewed after it expires
Insecure Settings Example
apiVersion: spiffe.io/v1
kind: WorkloadEntry
metadata:
  name: example-service
spec:
  spiffeId: spiffe://example.org/service
  selectors:
    - matchLabels:
        app: example-service
  ttl: 0 # Insecure: TTL set to 0, allowing indefinite validity
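As an added example (not part of this page or of the SPIFFE project), a small Python lint that checks entries like the two above: it validates the shape of the spiffe:// identifier and rejects a ttl of 0 or one above an assumed policy maximum. The line scan for spiffeId and ttl is a stand-in for a YAML parser, and MAX_TTL is an assumed policy value, not something the page prescribes.

```python
import re
from urllib.parse import urlsplit

# Character classes from the SPIFFE ID specification (trust domain, path segment).
_TD_RE = re.compile(r"^[a-z0-9._-]+$")
_SEG_RE = re.compile(r"^[A-Za-z0-9._-]+$")
MAX_TTL = 24 * 3600  # assumed policy: no identity valid longer than one day

def validate_spiffe_id(spiffe_id: str) -> list[str]:
    """Return a list of problems; an empty list means the ID is well-formed."""
    problems = []
    u = urlsplit(spiffe_id)
    if u.scheme != "spiffe":
        problems.append("scheme must be 'spiffe'")
    if not u.netloc or not _TD_RE.match(u.netloc):
        problems.append("trust domain missing or contains invalid characters")
    if u.query or u.fragment or "@" in u.netloc or ":" in u.netloc:
        problems.append("query, fragment, userinfo and port are not allowed")
    for seg in (u.path[1:].split("/") if u.path else []):
        if seg in ("", ".", "..") or not _SEG_RE.match(seg):
            problems.append(f"bad path segment {seg!r}")
    return problems

def check_entry(yaml_text: str, max_ttl: int = MAX_TTL) -> list[str]:
    """Pull spiffeId and ttl out of an entry with a line scan (not a YAML parser)."""
    fields = dict(re.findall(r"^\s*(spiffeId|ttl):\s*([^\s#]+)", yaml_text, re.M))
    problems = validate_spiffe_id(fields.get("spiffeId", ""))
    try:
        ttl = int(fields.get("ttl", "0"))
    except ValueError:
        return problems + ["ttl is not an integer"]
    if ttl <= 0:
        problems.append("ttl must be positive; 0 means the identity never expires")
    elif ttl > max_ttl:
        problems.append(f"ttl {ttl}s exceeds the policy maximum of {max_ttl}s")
    return problems

# Constructed inputs mirroring the two entries on this page.
SECURE_ENTRY = """spec:
  spiffeId: spiffe://example.org/service
  ttl: 3600
"""
INSECURE_ENTRY = """spec:
  spiffeId: spiffe://example.org/service
  ttl: 0 # Insecure: TTL set to 0
"""
if __name__ == "__main__":
    for name, entry in (("secure", SECURE_ENTRY), ("insecure", INSECURE_ENTRY)):
        print(name, check_entry(entry) or ["ok"])
```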