Market map / Non-human & agentic identity
SPIFFE / SPIRE
The CNCF open standard and reference implementation for issuing identity to workloads.
- Category
- Open-source workload identity standard
- Lane
- Non-human & agentic identity
- Founded
- 2018 (CNCF project)
- Ownership
- Open source (CNCF)
Summary
SPIFFE is an open standard for securely identifying software workloads, and SPIRE is its reference implementation, both CNCF projects. They issue short-lived, cryptographic workload identities (SVIDs) so services authenticate across heterogeneous infrastructure without shared secrets.
Best for
Platform teams that want a vendor-neutral, open standard for workload identity.
Consider if
You want a managed product with discovery and governance rather than a self-run standard.
Strengths
- Vendor-neutral CNCF open standard
- Cryptographic, short-lived workload identities
- Broad ecosystem adoption
Considerations
- Self-operated, with no built-in governance UI
- Platform-engineering effort to run SPIRE