spiffe/spire-plugin-sdk

SPIRE Plugin SDK

This repository contains the service definitions, code generated stubs, and infrastructure for running and testing SPIRE plugins.

Overview

SPIRE supports a rich plugin system. Plugins can either be built in, or external, to SPIRE. External plugins are separate processes and use go-plugin under the covers.

SPIRE communicates with plugins over gRPC. As such, the various interfaces are defined via gRPC service definitions.

There are three types of interfaces:

| Type | Description |
| --- | --- |
| Plugin | The primary plugin interface. A plugin implements only one plugin interface. |
| Service | An auxiliary service interface. These are generic facilities consumed by SPIRE. An example is the common Config service. A plugin implements zero or more service interfaces. |
| Host Service | A service provided by SPIRE and optionally consumed by plugins. |

Plugins

Agent

| Plugin | Versions | Description | Template |
| --- | --- | --- | --- |
| KeyManager | v1 | Manages private keys and performs signing operations. | link |
| NodeAttestor | v1 | Performs the agent side of the node attestation flow. | link |
| SVIDStore | v1 | Stores workload X509-SVIDs to arbitrary destinations. | link |
| WorkloadAttestor | v1 | Attests workloads and provides selectors. | link |

Server

| Plugin | Versions | Description | Template |
| --- | --- | --- | --- |
| BundlePublisher | v1 | Publishes a trust bundle to a store. | link |
| CredentialComposer | v1 | Allows customization of SVID and CA attributes. | link |
| KeyManager | v1 | Manages private keys and performs signing operations. | link |
| NodeAttestor | v1 | Performs the server side of the node attestation flow. | link |
| Notifier | v1 | Notifies external systems of certain SPIRE events. | link |
| UpstreamAuthority | v1 | Plugs SPIRE into an upstream PKI. | link |

Services

Common

| Service | Versions | Description |
| --- | --- | --- |
| Config | v1 | Used by SPIRE to configure the plugin. |

Host Services

Common

| Host Service | Versions | Description |
| --- | --- | --- |
| Metrics | v1 | Provides metrics facilities. |

Server

| Host Service | Versions | Description |
| --- | --- | --- |
| IdentityProvider | v1 | Provides an identity and bundle information. |
| AgentStore | v1 | Provides information about attested agents. |

Authoring Plugins

For guidance in authoring a plugin, see AUTHORING.

Migrating Pre-SDK Plugins

To migrate existing pre-SDK plugins, see MIGRATING.

Versioning

This repository is tagged along with SPIRE releases with the same name, even if there are no changes to the APIs between SPIRE versions. This allows consumers to always pick a tag that matches up with their deployment. Even so, SPIRE maintains API compatibility between SPIRE versions. SPIRE will clearly indicate in the CHANGELOG when APIs are deprecated and, well in advance of any removal, will issue warnings at runtime when they are used.

Contributing

This repository follows the same governance and contribution guidelines as the SPIRE project.

For specifics on getting started, see CONTRIBUTING.

Please open Issues to request features or file bugs.