Skip to content

CSI Driver for SPIFFE overview

CSI Driver for SPIFFE is a CSI driver that provisions SPIFFE Verifiable Identity Documents (SVIDs) in the form of X.509 certificate key pairs. It works with pods in your cluster that use cert-manager.

While CSI Driver also delivers X.509 certificates to pods, CSI Driver for SPIFFE adds SPIFFE identity semantics so each pod can request an identity from a Trust Domain.

CSI Driver for SPIFFE provides the following key benefits:

  • Delivers SPIFFE identity to pods by transparently provisioning SVIDs as X.509 certificate key pairs.
  • Enforces policy through a built-in approver that replaces the default cert-manager approver.
  • Supports runtime issuer configuration through a ConfigMap, so you can change which issuer provides SVIDs.

By using CSI Driver for SPIFFE, your pods can establish SPIFFE-based identity and mutual authentication across your cluster.

What's next?

To get started, install CSI Driver for SPIFFE alongside cert-manager in your cluster. For version history, see the releases page.