This is still an early-stage discussion, and feedback from the community is very welcome.
If you are operating SPIRE/SPIRE at scale, working on workload identity, or dealing with identity in CI/serverless envs, we would love to hear your thoughts.
docs.google.com/document/d/1...
#SPIFFE #SPIRE
There's a new article in the #Keycloak blog about federated client authentication, where you rely on an external provider (like a #Kubernetes cluster with service account token, or a generic #SPIFFE client) to authenticate confidential clients […]
I just noticed that @hashicorp.com Vault now supports #SPIFFE (a Kubecon 2025 announcement). Great news that better secures AI agent deployments. Lots of goodness - verifiable IDs for AI agents, zero trust architecture, and lifecycle management. www.hashicorp.com/en/blog/spif...
🔐 From “API keys in Git” to “agentic AI with scoped identities” — the next frontier of security is non‑human actors with strong attestation. #DevSecOps #CloudNative #CyberArk #SPIFFE
#KubeCon
blog.gitguardian.com/workload-ide...
Last week, I had the privilege of attending #KubeCon 2025
Seeing #SPIFFE and #SPIRE take a front seat in conversations, driven by #AgenticAI, was mind-blowing.
Here are a few thoughts and reflections from the event:
blog.gitguardian.com/kubecon-2025
#KubeCon 2025
Anchoring Trust in the Age of AI: Identities Across Humans, Machines, and Models - Yuan Tang and Anjali Telang
KServe is a CNCF incubator project
kserve.github.io/website/
#SPIFFE #SPIRE #Keycloak
Coming soon…
#SPIFFE #SPIRE #OpenBao #ESO #ZeroTrust
--
The room is empty (just moved houses); there is some reverb. and I need to do some postproduction. -- But planning to stream it tonight via Twitch, YouTube, and LinkedIn.
How do you trust an autonomous AI agent?
In our latest post, we look at workload identity as another missing primitive for trustworthy AI.
Read more on our blog: www.sakurasky.com/blog/missing...
#AI #AISecurity #SPIFFE #WorkloadIdentity #DevSecOps
#Keycloak 26.4 is out with a lot of new capabilities for your self-hosted #iam:
* #Passkeys
* Client Authentication to use #SPIFFE or #Kubernetes service account tokens
* #FAPI 2 Final
Read more the full release announcement: www.keycloak.org/2025/09/keyc...
![## FIPS Compliance
**FIPS** stands for [Federal Information Processing Standards][fips]. FIPS
are publicly announced standards developed by the [*U.S. National Institute of
Standards and Technology (**NIST**)*][nist] for use in computer systems by
non-military American government agencies and government contractors.
**FIPS** standards cover various aspects of information technology.
[FIPS 140-3][fips], in particular, defines standards of security for hardware
and software cryptographic modules used to protect sensitive information.
[fips]: https://csrc.nist.gov/pubs/fips/140-3/final "FIPS"
[nist]: https://www.nist.gov/ "NIST"
All **SPIKE** binaries are configured to be **FIPS 140-3**-enabled at **compile
time**.
We use `GOFIPS140=v1.0.0` build time settings, that sets the
`GODEBUG=fips140=on` flag which ensures that the Go runtime is in **FIPS 140-3**
mode.](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:aneyww3viw5alu7nlzeuu5gc/bafkreiccfubqcjzws4c3gxfamn76xznxlqcklphflet5m7mkhdk57ucghu)
## FIPS Compliance **FIPS** stands for [Federal Information Processing Standards][fips]. FIPS are publicly announced standards developed by the [*U.S. National Institute of Standards and Technology (**NIST**)*][nist] for use in computer systems by non-military American government agencies and government contractors. **FIPS** standards cover various aspects of information technology. [FIPS 140-3][fips], in particular, defines standards of security for hardware and software cryptographic modules used to protect sensitive information. [fips]: https://csrc.nist.gov/pubs/fips/140-3/final "FIPS" [nist]: https://www.nist.gov/ "NIST" All **SPIKE** binaries are configured to be **FIPS 140-3**-enabled at **compile time**. We use `GOFIPS140=v1.0.0` build time settings, that sets the `GODEBUG=fips140=on` flag which ensures that the Go runtime is in **FIPS 140-3** mode.
I'm happy to announce that as of v0.4.3, SPIKE binaries are FIPS 140-3-enabled.
spike.ist
#Security #ZeroTrust #SecretsManager #SPIFFE #SPIRE #SPIKE
Did you know that @cilium.io started using SPIFFE and SPIRE for the Identity Control Plane for their meshes? (beta feature)
docs.cilium.io/en/latest/ne...
#ZeroTrust #Security #SPIFFE #SPIRE #TurtlePower
Solo-CuistOps ce soir (il est où Joël ? 🫣)
Je vous propose d'aborder le sujet de #SPIFFE (et peut-être de SPIRE).
À ce soir, 21h 👨🍳
Securing Microservices with SPIFFE and Spring Security Microservices architectures introduce new ...
www.javacodegeeks.com/2025/03/securing-microse...
#Enterprise #Java #Microservices #Security #mTLS […]
[Original post on javacodegeeks.com]
@cncf.io wasmCloud is adopting SPIFFE as the standard for introducing workload identity that spans on-prem, edges + clouds. #SPIFFE adoption is growing and is a perfect fit for WebAssembly workload identity. Read @joonas.bergi.us's post for details ✨
wasmcloud.com/blog/2025-03...
Updated my #SPIFFE demos with support for AWS IAM Roles Anywhere next to JWT Federation
github.com/MattiasGees/...
I added a demo on using Google Cloud with my #spiffe demos. Thanks to Raf for doing most of the hard work github.com/MattiasGees/...
🚀 Excited to announce the release of SPIKE v0.2.0 🎉
SPIKE is a SPIFFE-first Secrets Store.
🌟 Big thanks to "first jumper" Şahin ( github.com/sahinakyol ) for his contributions 🙌
Check it out: 👉 github.com/spiffe/spike/releases/tag/v0.2.0
Turtle Power 🐢⚡️
#SPIFFE #Security #OpenSource #ZeroTrust
👀 #ATX See y'all on Thursday at Capital Factory as we welcome Yogi Porla to talk about #SPIFFE and #SPIRE. Free Food and drink thanks to Civo‼️ #kubernetes! 🔗RSVP at k8sAustin.com/spiffe
