VMware Secrets Manager is a lightweight secrets manager to protect your sensitive data. It’s perfect for edge deployments where energy and footprint requirements are strict—See more: https://vsecm.com/

Integrates Spiffe and Vault to have secretless authentication

Provides agent and server plugins for SPIRE to allow TPM 2-based node attestation.

HTTP/3-enable existing HTTP apps. Leverage HTTP3 native features and auto-enable workload identity (SPIFFE), AuthN (mTLS/x509, OIDC/Auth0-Okta), AuthZ (OPA), defense-in-depth (WAAP/WAF), and observability (metrics, logs, alerting, dashboard).

OPA-Envoy-SPIRE External Authorization Example.

vault-auth-spire is an authentication plugin for Hashicorp Vault which allows logging into Vault using a Spire provided SVID.

SPIFFE Federation the easy way

Provides agent and server plugins for SPIRE to allow Tailscale node attestation.

A CLI for Kubernetes workload identity

A gRPC based pub/sub messaging system

An OpenStack-based SPIRE plugins

AWS SPIFFE Workload Helper is a light-weight tool intended to assist in providing a workload with credentials for AWS using its SPIFFE identity.

Showcasing the potential of SPIFFE with real-life services

Kubernetes datastore plugin for SPIRE server

Proof of concept SPIFFE implementation that provides user SVIDs based on web SSO integration.

SPIFFE Demo Application

Demonstration of SPIFFE/SPIRE authentication on Kind cluster

This repository has been merged into /~https://github.com/spiffe/spire. The Vault plugin is now a build-in plugin.

Fetching and Rotating Pod's SVID from SPIRE Workload API as Sidecar

REST go bindings for workload api for SPIFFE