Technology · Ebook
SPIFFE: Secure Workload Identity
by Shriira Press
SPIFFE is the standard for giving workloads secure, verifiable identities — replacing network location and shared secrets with cryptographic identity, the foundation of zero trust between services. This free book teaches it from the ground up: the workload-identity problem and zero-trust foundations, the core concepts (SPIFFE ID, trust domain, SVID), SVIDs in depth (X.509 and JWT, short-lived and auto-rotated), the Workload API and attestation that solve the 'secret zero' problem, SPIRE (the reference implementation: server and agents), using SPIFFE identities for mTLS and authorization, SPIFFE in service meshes and the ecosystem, federation across trust domains, and operating SPIFFE/SPIRE in production. Ten focused chapters with clear diagrams that show how to give every workload, on any platform, a verifiable identity the whole system can trust.
Contents
- Preface
- Chapter 1 — What SPIFFE Is
- Chapter 2 — Zero Trust and Workload Identity
- Chapter 3 — Core Concepts: SPIFFE ID, Trust Domain, SVID
- Chapter 4 — SVIDs in Depth
- Chapter 5 — The Workload API and Attestation
- Chapter 6 — SPIRE: The Reference Implementation
- Chapter 7 — mTLS and Authentication with SPIFFE
- Chapter 8 — SPIFFE in Service Meshes and the Ecosystem
- Chapter 9 — Federation Across Trust Domains
- Chapter 10 — Operating SPIFFE/SPIRE and Putting It Together
