Skip to content
/ spike Public

SPIKE is a lightweight secrets store that uses SPIFFE as its identity control plane. It protects your secrets and helps your ops, SREs, and sysadmins manage sensitive data securely with minimal overhead.

License

Notifications You must be signed in to change notification settings

spiffe/spike

SPIKE

Secure Production Identity for Key Encryption (SPIKE)

SPIKE is a lightweight secrets store that uses SPIFFE as its identity control plane.

SPIKE protects your secrets and helps your ops, SREs, and sysadmins #sleepmore.

For more information, see the documentation.

The Elevator Pitch

SPIKE is a streamlined, highly-reliable secrets store that leverages SPIFFE framework for strong, production-grade identity control.

Built with simplicity and high availability in mind, SPIKE empowers ops teams, SREs, and sysadmins to protect sensitive data and #sleepmore by securing secrets across distributed environments.

Key components include:

  • SPIKE Nexus: The heart of SPIKE, handling secret encryption, decryption, and root key management.
  • SPIKE Keeper: A redundancy mechanism that safely holds root keys in memory, enabling fast recovery if Nexus fails.
  • SPIKE Pilot: A secure CLI interface, translating commands into mTLS API calls, reducing system vulnerability by containing all admin access.

With its minimal footprint and robust security, SPIKE provides peace of mind for your team and critical data resilience when it counts.

🚨 Alpha Release Notice 🚨

  • Project Status: Alpha

This project is currently in the Alpha stage. It's functional and available for experimentation, but it's NOT yet ready for production use: You may encounter bugs, incomplete features, or breaking changes as the project evolves.

Use this project at your own risk if you're experimenting or contributing to its development. For production-level stability, please wait for a more stable release.

Please note that the SPIKE documentation is a work in progress too. It might be incomplete or inaccurate at times, and what the document states may not fully reflect how the code or the product behaves.

Please 🐻 with us for now, and send your feedback to [email protected].

We will let you know through various channels when the project reaches adequate maturity for public adoption.

Getting Your Hands Dirty

Check out the quickstart guide to start playing with the project.

You can also read the documentation to learn more about SPIKE's architecture and design philosophy.

A Note on Security

We take SPIKE's security seriously. If you believe you have found a vulnerability, please responsibily disclose it to [email protected].

See SECURITY.md for additional details.

Community

Open Source is better together.

If you are a security enthusiast, join SPIFFE's Slack Workspace and let us change the world together 🤘.

Links

Folder Structure

Here are the important folders and files in this repository:

  • ./app: Contains SPIKE components' source code:
    • ./app/keeper: SPIKE Keeper
    • ./app/nexus: SPIKE Nexus
    • ./app/spike: SPIKE Pilot
  • ./config: Contains configuration files to run SPIRE in a development environment.
  • ./docs: Public documentation.
  • ./hack: Useful scripts to build and test the project.
  • ./internal: Internal modules shared among SPIKE components.

Code Of Conduct

Be a nice citizen.

Contributing

To contribute to SPIKE, follow the contributing guidelines to get started.

Use GitHub issues to request features or file bugs.

Communications

License

Mozilla Public License v2.0.

About

SPIKE is a lightweight secrets store that uses SPIFFE as its identity control plane. It protects your secrets and helps your ops, SREs, and sysadmins manage sensitive data securely with minimal overhead.

Topics

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •