SPIRE: Running Workload Identity in Production
Shriira Press
Deploy and operate SPIFFE — SPIRE is the engine that attests workloads, issues and rotates SVIDs, and delivers identity.
Welcome to SPIRE: Running Workload Identity in Production.
SPIRE (the SPIFFE Runtime Environment) is the production-grade implementation of SPIFFE — the running system that attests workloads, issues and rotates SVIDs, and delivers verifiable identity to every workload. This free book is the practical, operations-focused counterpart to the SPIFFE standard: a recap of the SPIFFE concepts SPIRE implements, SPIRE's architecture (server, agent, datastore), the SPIRE Server in depth (CA, registry, upstream authority), the SPIRE Agent in depth (node and workload attestation, the Workload API), attestation and the plugin model, registration entries and managing identities, SVID issuance/rotation and the Workload API in practice, federation/high availability/scaling, and operating SPIRE securely in production. Ten focused chapters with clear diagrams that show how to deploy, configure, and run SPIRE to issue and manage SPIFFE identities for your workloads.
This title is part of the Shriira library and is free to read in full, right here — our small contribution to making world-class knowledge easy to reach.
We hope it serves you well.
— Shriira Press