#spiffe — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #spiffe, aggregated by home.social.
-
----------------
🔐 Identity (AI & Cloud-Native)
Overview
The article documents a shift in the enterprise attack surface: adversaries are increasingly targeting machine identities and service-level credentials rather than human accounts. Notable examples cited include VoidLink, which specializes in harvesting credentials, ShadowRay 2.0, which exploited an unauthenticated AI framework, and LangFlow, which retained service credentials and created a “master key” effect for connected services.
Key findings and numbers
• Machine identities outnumber human identities by an average ratio of 82:1 (Rubrik Zero Labs).
• A Cloud Security Alliance survey found 44% of organizations authenticate AI agents with static API keys, while only 28% can trace agent actions back to the human who authorized them; nearly 80% cannot currently report what deployed AI agents are doing or who is responsible.
• SPIFFE and SPIRE are presented as the primary industry response for workload identity: they issue short-lived, automatically rotating credentials tied to verified workload attributes, reducing the value of long-lived secrets.
Where current systems fall short
• The piece emphasizes that SPIFFE/SPIRE were designed for traditional workload interactions; they can mitigate lateral movement and make alerts attributable when workloads carry verifiable identities. However, these systems are less effective for modern autonomous AI agents that make decisions, delegate tasks, and often authenticate with static credentials.
• The result is an expanding risk surface: AI agents and machine identities broaden potential impact from breaches because credentials often are created informally, rarely rotated, and lack centralized governance.
Implications reported (factual)
• Attackers are not primarily “breaking in” but are leveraging logged-in identities belonging to machines and services.
• Short-lived workload credentials are described as an effective technical control against credential harvesting tactics used by malware like VoidLink.
🔹 VoidLink #SPIFFE #LangFlow #ShadowRay #machineidentity
🔗 Source: https://blogs.cisco.com/security/identity-is-the-battleground
-
There's a new article in the #Keycloak blog about federated client authentication, where you rely on an external provider (like a #Kubernetes cluster with service account token, or a generic #SPIFFE client) to authenticate confidential clients. https://www.keycloak.org/2026/01/federated-client-authentication
Would love to take a closer look at that functionality at some point, especially for a use case where you authenticate Keycloak service accounts (to get tokens for M2M calls in a microservice architecture) through that method. Might be really great for getting rid of some secrets that have to be frequently rotated. But currently, I have no time to do this. Has anyone already used this? How well does it work? Worth investigating, or still too flaky?
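The federated client authentication this post asks about rests on the workload presenting a signed, short-lived token instead of a client secret. What follows is an added example, not code from the post, from the Keycloak blog article or from the Keycloak project: a minimal ES256 JWT-SVID mint-and-verify pair written against Go's standard library only. The key id, the SPIFFE ID, the audience value "keycloak" and the in-memory key map standing in for the trust domain's JWT bundle are all assumptions; Keycloak's actual request parameters are not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Claims is the JWT-SVID payload: sub is the workload's SPIFFE ID, aud names the verifier
// the token is meant for, exp bounds its lifetime.
type Claims struct {
	Sub string   `json:"sub"`
	Aud []string `json:"aud"`
	Exp int64    `json:"exp"`
}

var b64 = base64.RawURLEncoding

// MintJWTSVID produces an ES256 JWT-SVID for a workload. In a real deployment the SPIRE
// agent signs this over the Workload API; the local key here (an assumption) stands in for it.
func MintJWTSVID(key *ecdsa.PrivateKey, kid, spiffeID, audience string, ttl time.Duration, now time.Time) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "ES256", "typ": "JWT", "kid": kid})
	pl, _ := json.Marshal(Claims{Sub: spiffeID, Aud: []string{audience}, Exp: now.Add(ttl).Unix()})
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(pl)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64) // JWS ES256 signatures are fixed-width r||s, not DER
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return input + "." + b64.EncodeToString(sig), nil
}

// VerifyJWTSVID is the receiving side (the token endpoint, in the federated-client case).
// keys stands in for the trust domain's JWT bundle, indexed by kid. Order matters: pin the
// algorithm, verify the signature, and only then believe anything the payload says.
func VerifyJWTSVID(token string, keys map[string]*ecdsa.PublicKey, audience string, now time.Time) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	hdrJSON, err := b64.DecodeString(parts[0])
	if err != nil {
		return "", err
	}
	var hdr struct{ Alg, Kid string }
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil {
		return "", err
	}
	if hdr.Alg != "ES256" { // the token never gets to pick its own algorithm
		return "", fmt.Errorf("unsupported alg %q", hdr.Alg)
	}
	pub, ok := keys[hdr.Kid]
	if !ok {
		return "", fmt.Errorf("unknown kid %q", hdr.Kid)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return "", errors.New("bad signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return "", errors.New("signature verification failed")
	}
	plJSON, err := b64.DecodeString(parts[1])
	if err != nil {
		return "", err
	}
	var c Claims
	if err := json.Unmarshal(plJSON, &c); err != nil {
		return "", err
	}
	if now.Unix() >= c.Exp {
		return "", errors.New("token expired")
	}
	audOK := false
	for _, a := range c.Aud {
		audOK = audOK || a == audience
	}
	if !audOK {
		return "", fmt.Errorf("audience %v does not include %q", c.Aud, audience)
	}
	if !strings.HasPrefix(c.Sub, "spiffe://") {
		return "", fmt.Errorf("sub %q is not a SPIFFE ID", c.Sub)
	}
	return c.Sub, nil
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	keys := map[string]*ecdsa.PublicKey{"k-2026-01": &key.PublicKey}
	now := time.Now()
	tok, _ := MintJWTSVID(key, "k-2026-01", "spiffe://example.org/ns/prod/sa/orders", "keycloak", 5*time.Minute, now)
	fmt.Println(VerifyJWTSVID(tok, keys, "keycloak", now))
	fmt.Println(VerifyJWTSVID(tok, keys, "some-other-api", now)) // audience mismatch
	fmt.Println(VerifyJWTSVID(tok, keys, "keycloak", now.Add(10*time.Minute))) // expired
}
```

The two rejected calls in main are the point of the exercise: a JWT-SVID minted for the token endpoint cannot be replayed against another service, and it stops working minutes after issuance, which is what makes it a replacement for a client secret that would otherwise need rotating. In production the workload fetches the token from the SPIRE agent's Workload API and the verifier fetches the bundle from the trust domain, rather than holding keys in memory as here.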
-
Last week, I had the privilege of attending #KubeCon 2025
Seeing #SPIFFE and #SPIRE take a front seat in conversations, driven by #AgenticAI, was mind-blowing.
Here are a few thoughts and reflections from the event:
https://blog.gitguardian.com/kubecon-2025
-
Zero Trust in the cloud: a practical guide
This guide looks at a modern approach to security, Zero Trust Network Access (ZTNA), and shows how to implement it with SPIFFE/SPIRE and OpenID Connect (OIDC). There is a lot of material, so I present it in condensed form. ZTNA rests on the principle "never trust, always verify": every access request is treated as potentially unsafe and goes through mandatory authentication and authorization. Compared with classic VPNs, ZTNA solutions built on SPIFFE/SPIRE and OIDC: speed up the authentication procedure by 20–80x; improve performance by 46–64%; and in AWS and Google Cloud bring latency down to 50–100 ms instead of the usual 2–4 s.
https://habr.com/ru/articles/917440/
#zerotrust #spiffe #spire #oidc #kubernetes #aws #gcp #ztna #security
-
🚀 Excited to share my overview & demo on
“sharing secrets across clusters with SPIFFE federation” ✨
I presented it at sig-spire on Oct 26, 2023.
Dive in and explore! 🛠️:
https://vimeo.com/v0lkan/vsecm-spire
-
Novel ways of providing identity to automated cross-#cloud processes – Workload Identity Federation (#workloadidentityfederation) and #SPIFFE
https://zuinnote.eu/blog/?p=2273
-
🚀 Hey, #ZeroTrust enthusiasts! — We’ve kicked off VMware Secrets Manager v0.22.0, codenamed Boötes!
🌟 Curious about what awesomeness lies ahead? Our 🔥Updated Yearly Roadmap🔥 has all the details 👉 https://vsecm.com/docs/roadmap/
🐢⚡️ #TurtlePower
-
Master the art of local deployment and development of VMware Secrets Manager. Take your #DevOps game to the next level 🛠️🔐
-
🎉 Just wrapped up an electric session on today's #TalkSPIFFE! 🚀 We dove deep into the nitty-gritty of open source, business licensing models, and their ripple effects on the open-source ecosystem (I’m looking at you HashiCorp!). 🌐
https://www.twitch.tv/videos/1913673154
#ZeroTrust #Security #SPIFFE #SPIRE #VSecM #TalkSPIFFE #VOD #Twitch
-
🔐 A Milestone in Zero-Trust Architectures: SPIFFE Takes Center Stage in Google Cloud
This week marked a pivotal moment in the journey of zero-trust architectures. Google Cloud announced its standardization of SPIFFE as the unified identity platform across all its environments.
This is not just a technical achievement; it’s a paradigm shift in how we approach security in cloud computing.
https://www.linkedin.com/feed/update/urn:li:activity:7103184580895014912/
#SPIFFE #ZeroTrust #GoogleCloud #CyberSecurity #OpenSource #Leadership
1/n
-
NIST said you should use SPIFFE, and you should use it NOW, and Google Cloud is standardizing its workload identity based on SPIFFE.
I cannot emphasize how HUGE this is!
check out this clip:https://www.youtube.com/clip/UgkxcujMWTzWhgep5b0rG0Xk991AQ91PCSmt
-
Keep your secrets… secret.
-
🎉 Introducing VMware Secrets Manager; The Next Step for Aegis!
»» https://www.zerotohero.dev/vmware-secrets-manager/ ««
I am thrilled to share an update with all of you. Aegis has transformed and landed in its new home! It is now entering a phase as VMware Secrets Manager for Cloud Native workloads!
#ZeroTrust #security #VMware #SecretsManager #secrets #spiffe #SPIRE
-
How to configure mTLS using SPIRE and Envoy » https://www.youtube.com/watch?v=7qANSe9ajbE
-
Hi 👋! only 1hr until our #TalkSPIFFE office hours kick off at 8:30am PT. We'll explore demos, use cases & more on unlocking secure comms with SPIFFE/SPIRE. Join us for an enlightening community chat! 🔐 #SPIFFE #SPIRE #Security #ZeroTrust
Join us at https://twitch.tv/ZeroToHeroDev
-
Thanks helm-charters of SPIFFE — You rock 🤘.
-
Jump into the world of multi-streaming with this comprehensive overview of the behind-the-scenes tools, tips and tricks used in setting up the backstage for #TalkSPIFFE.
-
🚀 Ready to #TalkSPIFFE ?
Our new series demystifies #SPIFFE tech and connects the community. 🐢
Join us tomorrow (Fri), 8:30 AM PT (4:30 PM BST, 9 PM IST) on Twitch 👉 https://twitch.tv/ZeroToHeroDev.
Don’t use Twitch?
Zoom: https://zoom.us/j/95283083971?pwd=UWJnQjQxSmRZZFJ2c3lieU1tMEhhdz09
-
🎶🎤 “Talk SPIFFE to me” — a mini teaser of what’s coming up 😉🐢⚡️.
-
Good times with #Styra friends at #EIC Berlin, talking policy, authorization and #OpenPolicyAgent. If you're around, don't miss when @charlieegan3 talks #OPA and #SPIFFE today!
-
well that was fun. got #tornjak integrated with #keycloak successfully. Want to try it out for yourself? There's a great blog to walk you through the process #spiffe #WorkloadIdentity https://medium.com/universal-workload-identity/guide-to-integrating-tornjak-with-keycloak-for-access-control-to-spire-40a3d5ee5f5a
-
Setting Up SPIRE on EKS in Less Than Ten Minutes
This article will look at what SPIFFE and SPIRE are. Then, we’ll explore why managing identities and trust at scale is a tough challenge and how to solve it in a repeatable, scalable, and platform-agnostic way.
-
Using SPIRE to Securely Connect Workloads
This video series will guide you through establishing secure cross-cluster mTLS connectivity between workloads across multiple clusters using SPIRE. We will start with a blank slate, and make as few assumptions as we can along the way.
https://www.zerotohero.dev/spire-mtls/
#ZeroToHero #spiffe #spire #federation #Kubernetes #CrossCluster #mtls
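Two posts on this page describe the same mechanism without showing it: the Cisco summary near the top (short-lived X.509 credentials tied to workload identity) and this cross-cluster mTLS series (trusting a peer from another cluster's trust domain). The block below is an added example and is not code from either post, from the video series or from the SPIRE project. Using only Go's standard library, it builds a trust-domain CA (standing in for a SPIRE server), issues a one-hour X.509-SVID, and then performs the peer check a SPIFFE-aware mTLS endpoint does: read the spiffe:// URI SAN, select the trust bundle by the ID's trust domain (which is what federation comes down to), validate the chain at the current time, and finally authorize by SPIFFE ID. The trust domains, SPIFFE IDs, the Bundles type and the Authorized helper are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// Bundles maps a trust domain to the CA roots that sign SVIDs in it. A federated peer's
// chain is checked against the bundle of the trust domain named in its own SPIFFE ID.
type Bundles map[string]*x509.CertPool

// NewTrustDomainCA builds a self-signed CA standing in for a SPIRE server's signing key
// (constructed for this example; SPIRE manages and rotates its own CA).
func NewTrustDomainCA(trustDomain string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "ca." + trustDomain},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueSVID signs a short-lived X.509-SVID: the SPIFFE ID is carried in the URI SAN and
// the certificate is valid only for ttl, so a harvested copy stops working soon after.
func IssueSVID(ca *x509.Certificate, caKey *ecdsa.PrivateKey, spiffeID string, ttl time.Duration) (*x509.Certificate, error) {
	id, err := url.Parse(spiffeID)
	if err != nil || id.Scheme != "spiffe" || id.Host == "" {
		return nil, fmt.Errorf("not a SPIFFE ID: %q", spiffeID)
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		URIs:         []*url.URL{id}, // subject stays empty; the URI SAN is the identity
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(ttl),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// PeerSPIFFEID authenticates a presented leaf the way a SPIFFE-aware mTLS peer does:
// exactly one spiffe:// URI SAN, and a chain valid at time now against the bundle of
// that ID's trust domain. DNS names and the CN are deliberately ignored.
func PeerSPIFFEID(leaf *x509.Certificate, bundles Bundles, now time.Time) (string, error) {
	var ids []*url.URL
	for _, u := range leaf.URIs {
		if u.Scheme == "spiffe" {
			ids = append(ids, u)
		}
	}
	if len(ids) != 1 {
		return "", fmt.Errorf("expected exactly one SPIFFE ID, found %d", len(ids))
	}
	roots, ok := bundles[ids[0].Host] // the ID's trust domain selects the bundle, never the issuer name
	if !ok {
		return "", fmt.Errorf("no trust bundle for domain %q", ids[0].Host)
	}
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now}); err != nil {
		return "", fmt.Errorf("chain verification failed: %w", err)
	}
	return ids[0].String(), nil
}

// Authorized is the policy step that follows authentication: an allowlist of SPIFFE IDs.
func Authorized(spiffeID string, allowed ...string) bool {
	for _, a := range allowed {
		if a == spiffeID {
			return true
		}
	}
	return false
}

func main() {
	ca, key, _ := NewTrustDomainCA("example.org")
	bundles := Bundles{"example.org": x509.NewCertPool()}
	bundles["example.org"].AddCert(ca)
	svid, _ := IssueSVID(ca, key, "spiffe://example.org/ns/prod/sa/api", time.Hour)
	id, err := PeerSPIFFEID(svid, bundles, time.Now())
	fmt.Println(id, err, Authorized(id, "spiffe://example.org/ns/prod/sa/api"))
	_, err = PeerSPIFFEID(svid, bundles, time.Now().Add(2*time.Hour))
	fmt.Println("same SVID two hours later:", err)
}
```

The design point worth noticing is in PeerSPIFFEID: the bundle is chosen by the trust domain inside the peer's SPIFFE ID, not by whichever CA happens to have signed the certificate. A certificate claiming spiffe://example.org/... but signed by partner.com's CA therefore fails, while a genuine spiffe://partner.com/... certificate succeeds once partner.com's bundle has been federated in. In a real deployment the SPIRE agent delivers the SVID and the bundle set over the Workload API and rotates both; the one-hour ttl here is the control the Cisco summary refers to when it says short-lived credentials reduce the value of harvesting.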
-