#spiffe
Kubernetes v1.35 is moving native workload identity forward.

This gives Pods mTLS-ready identities with automatic rotation.

Short-lived certificates to Pods via projected volumes, meaning no more dependency on cert-manager or SPIFFE/SPIRE.

kubernetes.io/blog/2025/11...
Kubernetes v1.35 Sneak Peek
As the release of Kubernetes v1.35 approaches, the Kubernetes project continues to evolve. Features may be deprecated, removed, or replaced to improve the project's overall health. This blog post outl...
kubernetes.io
November 26, 2025 at 1:37 PM
github.com/spiffe/spike...

Still WIP, but I see the light at the end of the tunnel :)
Various Fixes (WIP) by v0lkan · Pull Request #245 · spiffe/spike
Various Fixes (WIP)
github.com
November 26, 2025 at 1:05 AM
Just published my recap of KubeCon NA 2025 - Atlanta! 🇺🇸
My first time attending as a CNCF Ambassador + speaking twice 🎤🚀
👉 lnkd.in/eHYa2z82
AI on K8s, Zero-Trust, Platform Engineering, SPIFFE/SPIRE & more!
#KubeCon #CNCF #Kubernetes #CloudNative #CloudSecurity #AI #PlatformEngineering
November 25, 2025 at 2:49 PM
I just noticed that @hashicorp.com Vault now supports #SPIFFE (a KubeCon 2025 announcement). Great news that better secures AI agent deployments. Lots of goodness - verifiable IDs for AI agents, zero trust architecture, and lifecycle management. www.hashicorp.com/en/blog/spif...
www.hashicorp.com
November 24, 2025 at 11:39 PM
That's all for now… now back to keeping secrets secure and secret with #SPIFFE and #SPIKE
ALT: a man says stop fooling around and get back to work in front of a brick wall
November 24, 2025 at 4:33 AM
I tried to capture as much as I can in this CHANGELOG too, but there are more: github.com/spiffe/spike...

Despite the sheer amount of changes, the API surface is mostly intact; so I don't expect (but cannot guarantee) any breaking changes.
November 24, 2025 at 4:33 AM
Documentation update on SPIKE Security Model: github.com/spiffe/spike...
github.com
November 24, 2025 at 4:33 AM
An ADR about providing minimal API error responses in RESTful interfaces to align with various security standards such as NIST SP 800-53; and defend against attack vectors such as path enumeration, permission probing, version detection, and schema discovery github.com/spiffe/spike...
github.com
November 24, 2025 at 4:33 AM
An ADR about restricting admin-critical "break the glass" restore and recover operations to SPIKE Pilot only -- with a proper SPIKE Keeper distribution, these operations would be needed very seldom, and when they are needed, a high-privileged user should do them. github.com/spiffe/spike...
github.com
November 24, 2025 at 4:33 AM
An ADR about how the error messages are (or are going to be) handled: github.com/spiffe/spike...
github.com
November 24, 2025 at 4:31 AM
Here are some of the changes worth noticing:

A ton of bug fixes and API integrity alignments.
A new ADR about audit logs: github.com/spiffe/spike... (this is for future implementation; not a part of this PR)
github.com
November 24, 2025 at 4:31 AM
By the way, this is a jumbo PR: github.com/spiffe/spike... and I'm doing my best to complete it without trying to break things (that much :D)

1/n
November 24, 2025 at 4:31 AM
This tutorial walks you through deploying SPIFFE and SPIRE in Kubernetes to issue cryptographically secure, auto-rotating identities to workloads, enabling mTLS and zero-trust communication ➜ https://ku.bz/HsWb7TCYL

learnk8s.news
November 21, 2025 at 6:07 PM
This tutorial walks you through deploying SPIFFE and SPIRE in Kubernetes to issue cryptographically secure, auto-rotating identities to workloads, enabling mTLS and zero-trust communication

https://ku.bz/HsWb7TCYL
November 21, 2025 at 6:06 PM
🔐 From “API keys in Git” to “agentic AI with scoped identities” — the next frontier of security is non‑human actors with strong attestation. #DevSecOps #CloudNative #CyberArk #SPIFFE
#KubeCon

blog.gitguardian.com/workload-ide...
Workload And Agentic Identity at Scale: Insights From CyberArk's Workload Identity Day Zero
On the eve of KubeCon 2025, experts from companies like Uber, AWS, and Block shared how SPIRE and workload identity fabrics reduce risk in complex, cloud-native systems.
blog.gitguardian.com
November 21, 2025 at 3:19 PM
Last week, I had the privilege of attending #KubeCon 2025.
Seeing #SPIFFE and #SPIRE take a front seat in conversations, driven by #AgenticAI, was mind-blowing.
Here are a few thoughts and reflections from the event:
blog.gitguardian.com/kubecon-2025
Trust Beyond Containers: Identity and Agent Security Lessons from KubeCon 2025
From secure service mesh rollouts to AI cluster hardening, see how KubeCon + CloudNativeCon NA 2025 redefined identity, trust, and governance in Kubernetes environments.
blog.gitguardian.com
November 20, 2025 at 3:26 PM
Better and more deterministic error handling is coming to a SPIKE codebase near you (with many other improvements)

PR: github.com/spiffe/spike...

Still WIP, and I have likely broken a dozen tests; but for a good reason :)

+ similar improvements to the SPIKE Go SDK.
November 19, 2025 at 2:28 AM
Dropped a new post in the Trustworthy AI series today.

Deep dive on verifiable audit logs for agent systems: hash chains, Merkle trees, SPIFFE-backed signatures, and AWS anchoring. Practical and code heavy.

www.sakurasky.com/blog/missing...
Verifiable Audit Logs
How to make every agent action tamper proof and cryptographically verifiable for compliance and forensic analysis.
www.sakurasky.com
November 17, 2025 at 11:40 AM
New post in our Trustworthy AI series.

This one covers verifiable audit logs for agent systems.
Hash chains, Merkle trees, SPIFFE signatures, anchoring.

www.sakurasky.com/blog/missing...
November 17, 2025 at 11:39 AM
New post in my "Missing Primitives for Trustworthy AI Agents" series: Policy-as-Code for AI agents.

If agents are making decisions at runtime, the guardrails have to live there too.

OPA, Rego, SPIFFE, and a Python example.

www.sakurasky.com/blog/missing...
Policy-as-Code Enforcement
Guardrails must be enforced at runtime, not left as developer best practices. Just like infrastructure-as-code, compliance must be baked into execution.
www.sakurasky.com
November 16, 2025 at 11:21 AM
SPIFFE: Securing the identity of agentic AI and non-human actors With native SPIFFE auth support, Vault Enterprise simplifies and extends authentication of non-human-identity (NHI) workloads such as AI agents.

www.hashicorp.com
November 14, 2025 at 11:40 AM
I’m around all day! Home base is the SPIFFE booth in the open source zone
November 12, 2025 at 10:18 PM