SPIFFE: Secure Workload Identity
Shriira Press
Give every workload a verifiable identity — the zero-trust foundation behind service mesh mTLS, powered by SPIFFE and SPIRE.
Welcome to SPIFFE: Secure Workload Identity.
SPIFFE is the standard for giving workloads secure, verifiable identities — replacing network location and shared secrets with cryptographic identity, the foundation of zero trust between services. This free book teaches it from the ground up: the workload-identity problem and zero-trust foundations, the core concepts (SPIFFE ID, trust domain, SVID), SVIDs in depth (X.509 and JWT, short-lived and auto-rotated), the Workload API and attestation that solve the 'secret zero' problem, SPIRE (the reference implementation: server and agents), using SPIFFE identities for mTLS and authorization, SPIFFE in service meshes and the ecosystem, federation across trust domains, and operating SPIFFE/SPIRE in production. Ten focused chapters with clear diagrams that show how to give every workload, on any platform, a verifiable identity the whole system can trust.
This title is part of the ShriIra library and is free to read in full, right here — our small contribution to making world-class knowledge easy to reach.
A note on reading it: open the Contents menu at the top of the reader to jump between chapters, and use the Aa menu to set a comfortable text size, theme (light, sepia, or night), and single- or two-page layout. Your place is saved automatically, so you can always pick up where you left off.
We hope it serves you well.
— Shriira Press