Term · 32. Workload Identity & Cloud-native
SPIFFE (Secure Production Identity Framework For Everyone)
Definition
Secure Production Identity Framework For Everyone — CNCF standard for cryptographic workload identity. Defines SPIFFE ID format (URI), SPIFFE Verifiable Identity Document (SVID — X.509 cert or JWT), and trust domain hierarchy. Vendor-neutral foundation for cross-platform workload identity.
- Synonyms
  - SPIFFE standard
  - Workload identity standard
- Application
  - Regulatory: CNCF — SPIFFE / SPIRE specs
- Standards & regulations
  - CNCF
- Sources
  - SPIFFE — Secure Production Identity Framework (CNCF), primary source
Related terms
- SPIRE (SPIFFE Runtime Environment)
  SPIFFE Runtime Environment — open-source reference implementation of SPIFFE. Provides workload attestation (verify workl …
- Cluster Identity
  Identity assigned to a Kubernetes cluster or cluster-level service — used for authentication to external services (cloud …
- Ephemeral Credentials
  Credentials with very short lifetime (minutes) issued just-in-time and revoked after use. Replaces long-lived secrets in …
- OIDC for Cloud (Workload OIDC)
  Pattern using OIDC tokens issued by cloud platforms (AWS IRSA, Azure Workload Identity, GCP Workload Identity Federation …
- Service Account (SA)
  Non-human account used by applications, services, or scheduled tasks to authenticate to other systems. Common categories …
- Service Mesh Identity
  Identity model for microservices within service mesh — each service has cryptographic identity (SPIFFE ID, X.509 cert) a …