aid: spire
name: SPIRE
description: >-
  SPIRE (SPIFFE Runtime Environment) is the reference implementation of the
  SPIFFE standard, providing a toolchain for establishing trust between
  software systems across a wide variety of hosting platforms through
  automated attestation and workload identity distribution. SPIRE manages a
  certificate authority, performs node and workload attestation, and issues
  SVIDs to workloads through the SPIFFE Workload API.
url: https://spiffe.io/docs/latest/spire-about/
tags:
  - Authentication
  - Cloud Native
  - Graduated
  - Identity
  - Security
  - Zero Trust
created: '2025'
modified: '2026-03-18'
specificationVersion: '0.19'
type: Index
apis:
  - aid: spire:spire-workload-api
    name: SPIRE Workload API
    description: >-
      The SPIRE Agent exposes the SPIFFE Workload API as a Unix domain socket,
      allowing workloads running on the same node to request their X.509-SVIDs
      and JWT-SVIDs without requiring any credentials. The Workload API also
      delivers trust bundle updates so that workloads can verify the identity
      of other workloads.
    humanURL: https://spiffe.io/docs/latest/spire-about/spire-concepts/
    properties:
      - type: Documentation
        url: https://spiffe.io/docs/latest/spire-about/spire-concepts/
      - type: Reference
        url: https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE_Workload_API.md
      - type: AsyncAPI
        url: asyncapi/spire-workload-asyncapi.yml
      - type: GitHubRepository
        url: https://github.com/spiffe/spire
    tags:
      - gRPC
      - Identity
      - JWT
      - Workload
      - X.509
  - aid: spire:spire-server-api
    name: SPIRE Server API
    description: >-
      The SPIRE Server exposes a gRPC API used by administrators and the SPIRE
      Agent to manage registration entries, node attestation, bundle
      federation, and server health. It allows creating and managing workload
      registration entries that define the SPIFFE IDs issued to workloads
      matching specified selectors, and supports federation with external
      SPIFFE trust domains.
    humanURL: https://spiffe.io/docs/latest/deploying/spire_server/
    properties:
      - type: Documentation
        url: https://spiffe.io/docs/latest/deploying/spire_server/
      - type: Reference
        url: https://github.com/spiffe/spire-api-sdk
      - type: JSONSchema
        url: json-schema/spire-registration-schema.json
      - type: GitHubRepository
        url: https://github.com/spiffe/spire-api-sdk
    tags:
      - Administration
      - Attestation
      - gRPC
      - Registration
      - Server
  - aid: spire:spire-agent-api
    name: SPIRE Agent API
    description: >-
      The SPIRE Agent runs on each node and handles workload attestation,
      caching SVIDs, and serving the Workload API. It exposes a health check
      endpoint and communicates with the SPIRE Server via node attestation to
      establish its own identity before issuing identities to workloads.
    humanURL: https://spiffe.io/docs/latest/deploying/spire_agent/
    properties:
      - type: Documentation
        url: https://spiffe.io/docs/latest/deploying/spire_agent/
      - type: Reference
        url: https://spiffe.io/docs/latest/deploying/spire_agent/
      - type: GitHubRepository
        url: https://github.com/spiffe/spire
      - type: OpenAPI
        url: openapi/spire-health-openapi.yml
      - type: JSONStructure
        url: json-structure/spire-registration-structure.json
    tags:
      - Agent
      - Attestation
      - Identity
      - Node
      - Security
  - aid: spire:spire-oidc-discovery-api
    name: SPIRE OIDC Discovery API
    description: >-
      SPIRE includes an OIDC Discovery Provider that serves an OpenID Connect
      discovery document and JSON Web Key Set (JWKS) endpoint, enabling
      workloads to present JWT-SVIDs to systems that support standard OIDC
      token validation. This allows SPIRE-issued identities to be used with
      cloud provider IAM systems such as AWS, GCP, and Azure.
    humanURL: https://spiffe.io/docs/latest/keyless/oidc-federation-aws/
    properties:
      - type: Documentation
        url: https://spiffe.io/docs/latest/keyless/oidc-federation-aws/
      - type: GitHubRepository
        url: https://github.com/spiffe/spire/tree/main/support/oidc-discovery-provider
      - type: OpenAPI
        url: openapi/spire-oidc-discovery-openapi.yml
      - type: JSONStructure
        url: json-structure/spire-svid-structure.json
    tags:
      - Cloud
      - Federation
      - Identity
      - JWT
      - OIDC
common:
  - type: Website
    url: https://spiffe.io/
  - type: Documentation
    url: https://spiffe.io/docs/latest/
  - type: Getting Started
    url: https://spiffe.io/docs/latest/try/getting-started-k8s/
  - type: GitHub Organization
    url: https://github.com/spiffe
  - type: GitHubRepository
    url: https://github.com/spiffe/spire
  - type: Community
    url: https://spiffe.io/community/
  - type: Slack
    url: https://slack.spiffe.io
  - type: Blog
    url: https://spiffe.io/blog/
  - type: Change Log
    url: https://github.com/spiffe/spire/blob/main/CHANGELOG.md
  - type: Security
    url: https://github.com/spiffe/spire/blob/main/SECURITY.md
  - type: Stack Overflow
    url: https://stackoverflow.com/questions/tagged/spiffe
  - type: JSONSchema
    url: json-schema/spire-svid-schema.json
  - type: JSONSchema
    url: json-schema/spire-registration-schema.json
  - type: JSONStructure
    url: json-structure/spire-svid-structure.json
  - type: JSONStructure
    url: json-structure/spire-registration-structure.json
  - type: JSON-LD
    url: json-ld/spire-context.jsonld
  - type: SpectralRules
    url: rules/spire-rules.yml
  - type: Capabilities
    url: capabilities/workload-identity.yaml
  - type: Vocabulary
    url: vocabulary/spire-vocabulary.yml
maintainers:
  - FN: Kin Lane
    email: kin@apievangelist.com