TLS Support using SPIFFE

Project description

spiffe-tls package (experimental)

Overview

The spiffe-tls package, part of the py-spiffe library, streamlines the establishment of secure TLS connections using SPIFFE certificates. Built on pyOpenSSL, it provides straightforward utilities for configuring TLS clients and servers. The package is currently experimental. It integrates with X509Source from the spiffe package, which supplies the X.509 certificates and CA trust bundles and keeps them up to date automatically.

Key Features

  • TLS connections with SPIFFE ID validation.
  • Mutual TLS (MTLS) support for authenticated client-server communication.
  • Customizable server and client TLS configurations.

Quick Start

Server Setup

# Create a TLS server with SPIFFE-based MTLS
from spiffetls import listen, ListenOptions
from spiffe import SpiffeId, X509Source
from spiffetls.mode import ServerTlsMode
from spiffetls.tlsconfig.authorize import authorize_id

x509_source = X509Source()
options = ListenOptions(
    tls_mode=ServerTlsMode.MTLS,
    authorize_fn=authorize_id(SpiffeId("spiffe://example.org/client-service")),
)

listener = listen("localhost:8443", x509_source, options)

Client Connection

# Establish a secure connection to a TLS server
from spiffetls import dial
from spiffe import SpiffeId, X509Source
from spiffetls.tlsconfig.authorize import authorize_id

x509_source = X509Source()

conn = dial(
    "localhost:8443",
    x509_source,
    authorize_fn=authorize_id(SpiffeId("spiffe://example.org/server")),
)

Authorization Functions

The package supports authorization functions that check the peer's SPIFFE ID in addition to standard certificate-chain validation:

  • authorize_any(): Accepts any SPIFFE ID.
  • authorize_id(): Validates a specific SPIFFE ID.
  • authorize_one_of(): Allows any ID from a set of allowed SPIFFE IDs.
  • authorize_member_of(): Permits any ID from a specific trust domain.
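The policies above are easy to misread, in particular authorize_member_of(), which matches a trust domain exactly rather than any sub-domain. The following is an added example, not code from spiffe-tls or py-spiffe: a stand-alone SPIFFE ID parser plus the four policies modelled as simple predicates, so it runs without the spiffe or spiffetls packages. The SpiffeId class, the Authorizer signature (peer id -> bool), check_peer() and all sample identities are assumptions made for this illustration; the real library's signatures and error types may differ.

```python
import re
from dataclasses import dataclass
from typing import Callable, Iterable

# Character classes from the SPIFFE ID standard: trust domains are lowercase
# only, path segments may also contain uppercase letters; nothing else allowed.
_TRUST_DOMAIN_RE = re.compile(r"[a-z0-9._-]+")
_PATH_SEGMENT_RE = re.compile(r"[A-Za-z0-9._-]+")
SCHEME_PREFIX = "spiffe://"


@dataclass(frozen=True)
class SpiffeId:
    """Parsed spiffe://<trust-domain><path> (stand-in, not the spiffe package's class)."""
    trust_domain: str
    path: str

    @classmethod
    def parse(cls, value: str) -> "SpiffeId":
        if not value.startswith(SCHEME_PREFIX):
            raise ValueError(f"not a spiffe:// URI: {value!r}")
        rest = value[len(SCHEME_PREFIX):]
        trust_domain, sep, tail = rest.partition("/")
        if not _TRUST_DOMAIN_RE.fullmatch(trust_domain):
            raise ValueError(f"invalid trust domain in {value!r}")
        path = sep + tail  # "" for a bare trust-domain ID, otherwise "/seg/seg"
        if path:
            # Reject empty, "." and ".." segments and stray characters so that
            # "spiffe://example.org/" or "/a/../b" can never match a policy.
            for segment in tail.split("/"):
                if segment in ("", ".", "..") or not _PATH_SEGMENT_RE.fullmatch(segment):
                    raise ValueError(f"invalid path segment in {value!r}")
        return cls(trust_domain, path)

    def __str__(self) -> str:
        return f"{SCHEME_PREFIX}{self.trust_domain}{self.path}"


# Hypothetical signature for this example: a policy takes the verified peer's
# SpiffeId and returns True to allow the connection.
Authorizer = Callable[[SpiffeId], bool]


def authorize_any() -> Authorizer:
    """Any syntactically valid SPIFFE ID is accepted (the chain is still verified by TLS)."""
    return lambda peer: True


def authorize_id(expected: SpiffeId) -> Authorizer:
    """Exactly one identity is accepted."""
    return lambda peer: peer == expected


def authorize_one_of(allowed: Iterable[SpiffeId]) -> Authorizer:
    """Any identity on an explicit allow-list."""
    allowed_set = frozenset(allowed)
    return lambda peer: peer in allowed_set


def authorize_member_of(trust_domain: str) -> Authorizer:
    """Any identity in the given trust domain. The comparison is exact:
    'dev.example.org' is a different trust domain from 'example.org'."""
    return lambda peer: peer.trust_domain == trust_domain


def check_peer(authorizer: Authorizer, peer_uri: str) -> bool:
    """Apply a policy to the URI SAN taken from a verified peer certificate.
    A malformed ID is rejected instead of raising, so the check fails closed."""
    try:
        peer = SpiffeId.parse(peer_uri)
    except ValueError:
        return False
    return authorizer(peer)


if __name__ == "__main__":
    # Constructed sample peers for the demo, not values from a real deployment.
    policy = authorize_one_of([SpiffeId.parse("spiffe://example.org/client-service"),
                               SpiffeId.parse("spiffe://example.org/batch-job")])
    for uri in ("spiffe://example.org/batch-job", "spiffe://example.org/admin",
                "spiffe://dev.example.org/client-service", "spiffe://example.org/"):
        print(f"{uri:45} -> {'allow' if check_peer(policy, uri) else 'deny'}")
```

When choosing a policy for a server, prefer authorize_id() or authorize_one_of() over authorize_member_of(): the latter admits every workload in the trust domain, which is rarely the intended set of callers.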

Contributing

We welcome contributions to the spiffe-tls package! Please see our contribution guidelines for more details. For feedback and issues, please submit them through the GitHub issue tracker.

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

spiffe_tls-0.1.4.tar.gz (11.6 kB)

Uploaded Source

Built Distribution

spiffe_tls-0.1.4-py3-none-any.whl (15.5 kB)

Uploaded Python 3

File details

Details for the file spiffe_tls-0.1.4.tar.gz.

File metadata

  • Download URL: spiffe_tls-0.1.4.tar.gz
  • Upload date:
  • Size: 11.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.4 CPython/3.9.20 Linux/6.5.0-1025-azure

File hashes

Hashes for spiffe_tls-0.1.4.tar.gz

Algorithm   Hash digest
SHA256      cc0442d72730ac46b92a6f2ef9a42ca188ba7bf6a49c9cb52ed454aab2bfe35c
MD5         9d0c3be677dab035f5a2102cff19096c
BLAKE2b-256 43b41aca1b8a3214b30eea3260e65a74a0dcbefaf69cef91ec4ad4deefb51390

File details

Details for the file spiffe_tls-0.1.4-py3-none-any.whl.

File metadata

  • Download URL: spiffe_tls-0.1.4-py3-none-any.whl
  • Upload date:
  • Size: 15.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.4 CPython/3.9.20 Linux/6.5.0-1025-azure

File hashes

Hashes for spiffe_tls-0.1.4-py3-none-any.whl

Algorithm   Hash digest
SHA256      f05b6ecd975053d910a5f8868855841a44d65e580100d08db36ec3e8c336e1d8
MD5         6bd911f292d5ba1e0d38b9570aacffdd
BLAKE2b-256 75fd855f10ad643451b4ca060366f53ec9c904538e3b8168689f5037b6c741f7
