Projects are used by leading cloud native companies including Bloomberg, ByteDance, Pinterest, and Twilio, among others
San Francisco, CA – September 20, 2022 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced today the graduation of the SPIFFE and SPIRE projects. They join 16 other graduated projects.
The Secure Production Identity Framework For Everyone (SPIFFE) provides a secure identity to every workload in a modern production environment, removing the need for shared secrets and providing a foundation for higher level platform agnostic security controls. SPIRE (the SPIFFE Runtime Environment) is the code that implements the SPIFFE specification on a wide variety of platforms and enforces multi-factor attestation for the issuance of identities.
“Security has been a very pressing topic in the cloud native ecosystem as most architectures were not built for the massive scale and zero trust cloud native environments we are seeing today,” said Chris Aniszczyk. “Modern application development requires a standardized, secure form of identity for workloads and SPIFFE/SPIRE respond extremely well to that need. It is great to see the support behind these projects and I anticipate continuous growth as more organizations move to secure cloud native architectures.”
SPIFFE and SPIRE entered the CNCF Sandbox in 2018, moved to the Incubator in 2020, and have grown significantly in that time. The projects are being increasingly used by end users across industries including Anthem, GitHub, Netflix, Niantic, Pinterest, and Uber. They are leveraged by some of the largest technology vendors in the world to build higher layer products and services, and have integrations with high-velocity open source projects including Envoy, gRPC, Istio, Kubernetes, Sigstore, and Tekton.
“It’s been truly awe inspiring to watch the SPIFFE and SPIRE projects grow. Helping to power the world’s largest supercomputers and social platforms with billions of monthly active users, the reach and scale of modern day SPIFFE is incredible. As I look towards the future, I can’t help but feel that we’re only just getting started…” – Evan Gilman, SPIFFE/SPIRE Maintainer
“It’s been an incredible journey thus far. Watching SPIFFE and SPIRE take shape and become an integral part of the zero trust journey for so many has been humbling. The SPIFFE/SPIRE community, growing every day, shares a love and collective curiosity for secure practices with a profound eagerness to help others. I’m glad to be a part of it.” – Andrew Harding, Staff Engineer at VMware
“It’s been an awesome experience to be part of SPIFFE and SPIRE. I’m surprised that now we get questions from people that get SPIRE for their vendors, and how the community is getting bigger every day with people from all over the world. But it is just starting and I’m looking forward to a bright future!” – Marcos Yacob, Senior Software Engineer at HPE
“I feel so lucky to have been part of the SPIFFE and SPIRE projects since the very beginning. It’s truly amazing to see how the dream of having an open specification and implementation to solve the problem of workload identity that could be massively adopted has become a reality, with SPIRE running at scale on so many diverse deployments. Looking ahead, I cannot be more optimistic about the future, with a vibrant community supporting the projects and more organizations adopting them every day.” – Agustín Martínez Fayó, Principal Software Engineer at HPE
End User Support
“As an early adopter, it has been fantastic using SPIFFE/SPIRE to solve complex identity problems in a uniform way for Uber, as well as contributing back to these projects. SPIFFE is the northstar foundation of securing all production interactions. I look forward to seeing the further evolutions and products that can come out of this.” – Andrew Moore, Platform Authentication Tech Lead at Uber
“There are certain things that when they work, they work seamlessly: You don’t even realize they exist. They make your life easier. They enable your devs and ops to sleep more. SPIFFE and, by extension, SPIRE is one of those technologies that are so simply elegant. This is just the beginning; more will come. I’m thrilled to see SPIFFE’s CNCF graduation.” – Volkan Ozcelik, Staff Engineer, VMware
“SPIFFE and SPIRE provide a cryptographic, platform-agnostic identity foundation to help secure services across heterogeneous environments and organizational boundaries,” says Sunil Ravipati, Zero-Trust Director at Carelon Digital Platforms. “As a result, developers on our platform have access to a zero trust enabled, common framework that enables us to tackle some of the most complex challenges in healthcare while helping people improve their health and wellbeing.”
“Helping people get jobs securely begins with helping workloads securely get identities. SPIFFE/SPIRE, the foundational building block of our zero trust infrastructure, enhances Indeed’s agility and ability to securely innovate,” said Ken Adler, Director & Security Fellow, Indeed.com. “SPIFFE/SPIRE’s graduation is certain to encourage many more enterprises to adopt this transformative project.”
“At HPE, SPIRE has become an integral part of the Cray System Management tooling, our management plane that supports many of Cray’s Exascale supercomputers that are each comprised of tens of thousands of nodes, and are deployed in national research facilities around the world. I tend to view it as a Swiss army knife for workload AuthN, and our experience in the HPE/Cray side of things has been great. Congrats to the SPIFFE / SPIRE community on the CNCF graduation.” – Tim Pletcher, Principal Software Security Architect at Cray/HPE
“The SPIFFE/SPIRE framework empowered our team to take zero trust from vision to reality within heterogeneous production environments. By leveraging the SPIFFE/SPIRE framework, we built a zero trust infrastructure to secure hundreds of thousands of workloads within ByteDance, which further strengthens the security and reliability of our infrastructure to support over a billion people who turn to our products to be entertained or inspired across language, culture, and geography.” – Zhengqin Luo, Security Engineering Leader at ByteDance
To officially graduate, SPIFFE and SPIRE demonstrated the project maturity expected of stable and well-established projects, including healthy adoption and end users, a Core Infrastructure Initiative Best Practices Badge, and a clearly defined project governance and committer process. The projects have also gone through multiple security reviews including the TAG Security review in early 2020 and a third-party security audit from Cure53, which found that SPIRE is “a secure project created with security in mind.”
Additional Resources
- CNCF Newsletter
- CNCF Twitter
- CNCF Blog
- SPIFFE/SPIRE GitHub
- Project website
- Join the CNCF conversation on Slack
About Cloud Native Computing Foundation
Cloud native computing empowers organizations to build and run scalable applications with an open source software stack in public, private, and hybrid clouds. The Cloud Native Computing Foundation (CNCF) hosts critical components of the global technology infrastructure, including Kubernetes, Prometheus, and Envoy. CNCF brings together the industry’s top developers, end users, and vendors, and runs the largest open source developer conferences in the world. Supported by more than 800 members, including the world’s largest cloud computing and software companies, as well as over 200 innovative startups, CNCF is part of the nonprofit Linux Foundation. For more information, please visit www.cncf.io.
###
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page. Linux is a registered trademark of Linus Torvalds.
Media Contact
Jessie Adams-Shore
The Linux Foundation
PR@CNCF.io