#SPIRE

Posts about spire. ← All posts

A2AADKAGTAIAI GovernanceAIGPAMLAPI DesignAWSAadhaarAccountingAgentsAnomaly DetectionArchitectureArdan LabsAuditAudit LogAzureBCPBankingBedrockBenchmarksBhashiniBigQueryCRAGCachingCareerCase StudyClinical Decision SupportCloud ArchitectureCloud KMSCloud RunCoding AgentsCommunicationComplianceConcurrencyConfigCost OptimisationCryptographyCultureCures ActDSLData ResidencyDatabase DesignDatabase MigrationDatabase SecurityDataflowDatastreamDebuggingDeploymentDesign PatternDevOpsDeveloper ExperienceDevice FlowDistributed SystemsDoclingElevenLabsEmbeddingsEngineeringEntity ResolutionEnvoyEvaluationFHIRFREE-AIFinOpsFinTechFoundationsFraudGCPGDPRGKEGOMEMLIMITGSoCGeminiGenieGitHubGoGo 1.23GoMLXGoogle CloudGoogle Cloud NextGovernanceGrafanaGraphQLGraphRAGHIPAAHITLHL7 v2Healthcare ITHyDEIAPPISO 27001IdempotencyIdentity FederationIncident ResponseIndic LanguagesIngestionIntegrationJWTJupyterKMSKYCKafkaKnowledge GraphKubernetesLLMLLM OpsLLM-as-JudgeLatencyLendingLessons LearnedLocal AILoggingMAFMARAMCPML EngineeringMagenticMemoryMentorshipMicroservicesMiddlewareMigrationMulti-AgentMulti-Agent AIMulti-CloudMulti-LanguageMultilingualNPCINetworkingOAuthOPAOTelOWASPObservabilityOllamaOpen BankingOpen SourceOpenTelemetryOperationsOperatorsOpinionOrchestrationPAMPCSEPDFPKCEPasskeysPatternsPaymentsPerformancePipelinePolicyPolicy as CodePostgreSQLPrivacy EngineeringProductionPrometheusPrompt InjectionPromptingProtocolsProvider AbstractionPub/SubPythonRAGRBACRBIREPLRFC 8693ReactRedisRefactorRegistryRegulationReliabilityReservationsResilienceRetrievalRetrospectiveSAMLSLOSOC 2SPIFFESPIRESQLSRESSESagaSaudi ArabiaSchemaSecuritySecurity Command CenterSelf-RAGService MeshSoftware ArchitectureSpannerSpeakingState ManagementStdlibStorageStreamingTata GroupTerraformTestingTier PromotionToken BudgetingTool CallingToolsUAEUPIUXVectorsVertex AIVideoVisionVoice AIVotingWebAuthnWhisperWorkflowWorkflowsWorkload IdentityWorkload Identity FederationWritingZero-Trustembed.FSerrgroupgRPCiter.SeqmTLSpgvectorslog
· Engineering

SPIFFE/SPIRE basics — workload identity at deploy time

Services need identity too, not just users. SPIFFE issues SVIDs (verifiable identity documents) to workloads; SPIRE is the reference issuer. The shape and the first deploy.

SPIFFESPIREWorkload IdentityZero-Trust
· Engineering

mTLS at the proxy — Envoy + SPIRE-issued SVIDs

Pushing mTLS into a service mesh removes it from every individual service. Envoy + SPIRE is the canonical pattern; the implementation has fewer moving parts than the architecture diagrams suggest.

mTLSEnvoySPIREService Mesh