Secure microservices with centralized zero trust



In this article I covered the important concepts of SPIFFE and SPIRE and deployed a simple application that uses SPIRE to implement mTLS between workloads. However, I haven't touched on many interesting aspects, such as integration with Open Policy Agent (OPA) policies, AWS OpenID Connect (OIDC), HashiCorp Vault, and the creation of your own dedicated attestation plugins. All of these subjects are covered by the documentation, and the helpful SPIRE Slack community is always willing to discuss these concepts, too.



The Author

Abe Sharp heads the Customer Engineering team for the Ezmeral Runtime Enterprise at Hewlett Packard Enterprise. His team is actively supporting SPIRE for a number of major enterprise customers.
