TLS Support using SPIFFE
Project description
spiffe-tls package (experimental)
Overview
The spiffe-tls package, part of the py-spiffe library, streamlines the
establishment of secure TLS connections using SPIFFE certificates. Powered
by pyOpenSSL, it provides straightforward utilities for configuring TLS clients
and servers. Currently experimental, spiffe-tls facilitates the seamless integration of SPIFFE for the automatic
management of X.509 certificates and CA trust bundles via X509Source from
the spiffe package.
Key Features
- TLS connections with SPIFFE ID validation.
- Mutual TLS (MTLS) support for authenticated client-server communication.
- Customizable server and client TLS configurations.
Quick Start
Server Setup
# Create a TLS server with SPIFFE-based MTLS
from spiffetls import listen, ListenOptions
from spiffe import SpiffeId, X509Source
from spiffetls.mode import ServerTlsMode
from spiffetls.tlsconfig.authorize import authorize_id
x509_source = X509Source()
options = ListenOptions(
tls_mode=ServerTlsMode.MTLS,
authorize_fn=authorize_id(SpiffeId("spiffe://example.org/client-service")),
)
listener = listen("localhost:8443", x509_source, options)
Client Connection
# Establish a secure connection to a TLS server
from spiffetls import dial
from spiffe import SpiffeId, X509Source
from spiffetls.tlsconfig.authorize import authorize_id
x509_source = X509Source()
conn = dial(
"localhost:8443",
x509_source,
authorize_fn=authorize_id(SpiffeId("spiffe://example.org/server")),
)
Authorization Functions
The package supports custom authorization functions for additional certificate validation:
authorize_any(): Accepts any SPIFFE ID.authorize_id(): Validates a specific SPIFFE ID.authorize_one_of(): Allows any ID from a set of allowed SPIFFE IDs.authorize_member_of(): Permits any ID from a specific trust domain.
Contributing
We welcome contributions to the spiffe-tls package! Please see
our contribution guidelines for more
details. For feedback and issues, please submit them through
the GitHub issue tracker.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file spiffe_tls-0.2.2.tar.gz.
File metadata
- Download URL: spiffe_tls-0.2.2.tar.gz
- Upload date:
- Size: 11.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.2.1 CPython/3.9.25 Linux/6.11.0-1018-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
29a7b271e0cb2a9d790bd610d31487799c3e95c36e1c2476066742d9657a12e3
|
|
| MD5 |
796eb2d6ac80d1de6b5b1e52df034927
|
|
| BLAKE2b-256 |
8a45b3c2516ed4bfac484ee9438f234f242c0f970e68d1e05478508d8342290f
|
File details
Details for the file spiffe_tls-0.2.2-py3-none-any.whl.
File metadata
- Download URL: spiffe_tls-0.2.2-py3-none-any.whl
- Upload date:
- Size: 15.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.2.1 CPython/3.9.25 Linux/6.11.0-1018-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e2c66f66e0500cbe2c10b6ad4bdf69be483114f118cba58a1d7ee107cf440010
|
|
| MD5 |
6518d4e05472384c7204162a82237765
|
|
| BLAKE2b-256 |
8b7f12995a61e8364d3e1f691a283e4a78c32731ffe69a257682dc530ad427b9
|