{
"$type": "site.standard.document",
"canonicalUrl": "https://joe.dev/posts/10-years-of-spiffe",
"description": "A decade ago I wrote the design doc for SPIFFE. Workload identity is finally having its moment.",
"path": "/posts/10-years-of-spiffe",
"publishedAt": "2026-05-24T18:23:34.000Z",
"site": "at://did:plc:vkn2vmcnsmlffrpwalvgybw5/site.standard.publication/3mmfe3yxkqd2b",
"tags": [
"spiffe",
"identity",
"open-source",
"history"
],
"textContent": "A little over 10 years ago I wrote the design doc for SPIFFE, a standard for giving workloads cryptographic identities so services can authenticate to each other without passwords. I launched it at a talk at GlueCon that year. This was a unique thing as it was an \"open source\" project that was just a document. There was no code initially.\n\nI almost started a company around it but did Heptio instead. I handed it off to Sunil James who started a company and got it into the CNCF. Sunil and the folks at his company, Scytale, also wrote the companion reference implementation called SPIRE.\n\nThis just goes to show I suck at timing. 😂 It is having a moment now. It only took 10 years for the need for workload identity to be obvious with the advent of agents.\n\nTo mark this I want to get some of the original artifacts out there for anyone that is interested.\n\n- Original design doc: https://docs.google.com/document/d/1GjurNK2ROw4rXz-k-l68JtpGRkGj2fZcWqP6gksEriQ/edit\n- Original presentation at GlueCon: http://slides.eightypercent.net/spiffe-intro/index.html#p1\n\nEaster egg: the colors in the original logo were based on my last name. Fun you can have when your name can be represented as hex. #00BEDA and #BEDA00. Those colors (or very similar) are still used in the logo!\n\nHuge thank you to everyone who took the baton. Picking up someone else's half-formed idea and shipping it is harder than having the idea. You all did that.\n\n---\n\n_This was originally posted on LinkedIn but I want the long-term home to be on this blog._",
"title": "10 Years of SPIFFE"
}