TLS Support using SPIFFE

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for maxlambrecht from gravatar.com maxlambrecht

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache Software License (Apache-2.0)

Author: Max Lambrecht

Requires: Python <4.0, >=3.9

Classifiers

Project description

spiffe-tls package (experimental)

Overview

The spiffe-tls package, part of the py-spiffe library, streamlines the establishment of secure TLS connections using SPIFFE certificates. Powered by pyOpenSSL, it provides straightforward utilities for configuring TLS clients and servers. Currently experimental, spiffe-tls facilitates the seamless integration of SPIFFE for the automatic management of X.509 certificates and CA trust bundles via X509Source from the spiffe package.

Key Features

  • TLS connections with SPIFFE ID validation.
  • Mutual TLS (MTLS) support for authenticated client-server communication.
  • Customizable server and client TLS configurations.

Quick Start

Server Setup

# Create a TLS server with SPIFFE-based MTLS
from spiffetls import listen, ListenOptions
from spiffe import SpiffeId, X509Source
from spiffetls.mode import ServerTlsMode
from spiffetls.tlsconfig.authorize import authorize_id

x509_source = X509Source()
options = ListenOptions(
    tls_mode=ServerTlsMode.MTLS,
    authorize_fn=authorize_id(SpiffeId("spiffe://example.org/client-service")),
)

listener = listen("localhost:8443", x509_source, options)

Client Connection

# Establish a secure connection to a TLS server
from spiffetls import dial
from spiffe import SpiffeId, X509Source
from spiffetls.tlsconfig.authorize import authorize_id

x509_source = X509Source()

conn = dial(
    "localhost:8443",
    x509_source,
    authorize_fn=authorize_id(SpiffeId("spiffe://example.org/server")),
)

Authorization Functions

The package supports custom authorization functions for additional certificate validation:

  • authorize_any(): Accepts any SPIFFE ID.
  • authorize_id(): Validates a specific SPIFFE ID.
  • authorize_one_of(): Allows any ID from a set of allowed SPIFFE IDs.
  • authorize_member_of(): Permits any ID from a specific trust domain.

Contributing

We welcome contributions to the spiffe-tls package! Please see our contribution guidelines for more details. For feedback and issues, please submit them through the GitHub issue tracker.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for maxlambrecht from gravatar.com maxlambrecht

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache Software License (Apache-2.0)

Author: Max Lambrecht

Requires: Python <4.0, >=3.9

Classifiers

Release history Release notifications | RSS feed

This version

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

spiffe_tls-0.1.2.tar.gz (11.5 kB view hashes)

Uploaded Source

Built Distribution

spiffe_tls-0.1.2-py3-none-any.whl (15.5 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page