Technology · Ebook

SPIRE: Running Workload Identity in Production

by Shriira Press

4.7 (540) · 178 pages · Published 2026

SPIRE (the SPIFFE Runtime Environment) is the production-grade implementation of SPIFFE — the running system that attests workloads, issues and rotates SVIDs, and delivers verifiable identity to every workload. This free book is the practical, operations-focused counterpart to the SPIFFE standard: a recap of the SPIFFE concepts SPIRE implements, SPIRE's architecture (server, agent, datastore), the SPIRE Server in depth (CA, registry, upstream authority), the SPIRE Agent in depth (node and workload attestation, the Workload API), attestation and the plugin model, registration entries and managing identities, SVID issuance/rotation and the Workload API in practice, federation/high availability/scaling, and operating SPIRE securely in production. Ten focused chapters with clear diagrams that show how to deploy, configure, and run SPIRE to issue and manage SPIFFE identities for your workloads.

Contents

  1. Preface
  2. Chapter 1 — What SPIRE Is
  3. Chapter 2 — The SPIFFE Concepts SPIRE Implements
  4. Chapter 3 — SPIRE Architecture
  5. Chapter 4 — The SPIRE Server in Depth
  6. Chapter 5 — The SPIRE Agent in Depth
  7. Chapter 6 — Attestation and the Plugin Model
  8. Chapter 7 — Registration Entries and Managing Identities
  9. Chapter 8 — SVID Issuance, Rotation, and the Workload API
  10. Chapter 9 — Federation, High Availability, and Scaling
  11. Chapter 10 — Operating SPIRE in Production