The Cloud Native Computing Foundation (CNCF) announced that SPIFFE and SPIRE are now graduated projects. 

Secure Production Identity Framework For Everyone (SPIFFE) provides a secure identity to workloads in modern production environments, and SPIRE (the SPIFFE Runtime Environment) is the code that implements the SPIFFE specification on a wide variety of platforms.

SPIRE exposes the SPIFFE Workload API, which can attest running software systems and issue SPIFFE IDs and SVIDs (SPIFFE Verifiable Identity Documents) to them. Workloads can then establish trust between each other, for example by establishing an mTLS connection or by signing and verifying a JWT token.

“Security has been a very pressing topic in the cloud native ecosystem as most architectures were not built for the massive scale and zero trust cloud native environments we are seeing today,” said Chris Aniszczyk, COO at CNCF. “Modern application development requires a standardized, secure form of identity for workloads and SPIFFE/SPIRE respond extremely well to that need. It is great to see the support behind these projects and I anticipate continuous growth as more organizations move to secure cloud native architectures.”

The projects first entered the CNCF Sandbox in 2018 and moved to the incubator in 2020. They are used by Anthem, GitHub, Netflix, Niantic, Pinterest, and Uber among others. Often, they’re adopted by companies that want to build higher layer products and services by offering integrations to projects such as Envoy, gRPC, Istio, Kubernetes, Sigstore, and Tekton.