TLS Support using SPIFFE
spiffe-tls package (experimental)
Overview
The spiffe-tls package, part of the py-spiffe library, streamlines the establishment of secure TLS connections using SPIFFE certificates. Powered by pyOpenSSL, it provides straightforward utilities for configuring TLS clients and servers. Currently experimental, spiffe-tls facilitates the seamless integration of SPIFFE for the automatic management of X.509 certificates and CA trust bundles via X509Source from the spiffe package.
Key Features
- TLS connections with SPIFFE ID validation.
- Mutual TLS (MTLS) support for authenticated client-server communication.
- Customizable server and client TLS configurations.
Quick Start
Server Setup
```python
# Create a TLS server with SPIFFE-based MTLS
from spiffetls import listen, ListenOptions
from spiffe import SpiffeId, X509Source
from spiffetls.mode import ServerTlsMode
from spiffetls.tlsconfig.authorize import authorize_id

x509_source = X509Source()
options = ListenOptions(
    tls_mode=ServerTlsMode.MTLS,
    authorize_fn=authorize_id(SpiffeId("spiffe://example.org/client-service")),
)
listener = listen("localhost:8443", x509_source, options)
```
Client Connection
```python
# Establish a secure connection to a TLS server
from spiffetls import dial
from spiffe import SpiffeId, X509Source
from spiffetls.tlsconfig.authorize import authorize_id

x509_source = X509Source()
conn = dial(
    "localhost:8443",
    x509_source,
    authorize_fn=authorize_id(SpiffeId("spiffe://example.org/server")),
)
```
Authorization Functions
The package supports custom authorization functions for additional certificate validation:
- authorize_any(): Accepts any SPIFFE ID.
- authorize_id(): Validates a specific SPIFFE ID.
- authorize_one_of(): Allows any ID from a set of allowed SPIFFE IDs.
- authorize_member_of(): Permits any ID from a specific trust domain.
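To make the accept/reject behaviour of these four policies concrete, here is a stand-alone model of them added for this page; it is not the spiffetls package's own code. It works on SPIFFE ID strings instead of SpiffeId objects, and the helper names trust_domain_of and check_peer are hypothetical; only the policy names mirror the list above.

```python
# Stand-alone model of the spiffe-tls authorization policies (added example,
# not library code). Policies run after the TLS chain has already been verified;
# they only decide whether the verified peer's SPIFFE ID is acceptable.
from typing import Callable, Iterable
from urllib.parse import urlsplit

AuthorizeFn = Callable[[str], bool]  # peer SPIFFE ID -> allow?


def trust_domain_of(spiffe_id: str) -> str:
    """Return the trust domain of a SPIFFE ID, rejecting malformed IDs."""
    parts = urlsplit(spiffe_id)
    if parts.scheme != "spiffe" or not parts.netloc or parts.query or parts.fragment:
        raise ValueError(f"not a valid SPIFFE ID: {spiffe_id!r}")
    return parts.netloc


def authorize_any() -> AuthorizeFn:
    # Any well-formed SPIFFE ID passes; identity is still bound by the cert chain.
    return lambda peer: bool(trust_domain_of(peer))


def authorize_id(expected: str) -> AuthorizeFn:
    # Exact match on the whole ID: trust domain and full path.
    return lambda peer: peer == expected


def authorize_one_of(allowed: Iterable[str]) -> AuthorizeFn:
    allowed_set = frozenset(allowed)
    return lambda peer: peer in allowed_set


def authorize_member_of(trust_domain: str) -> AuthorizeFn:
    # Every workload in the trust domain, whatever its path.
    return lambda peer: trust_domain_of(peer) == trust_domain


def check_peer(authorize_fn: AuthorizeFn, peer_spiffe_id: str) -> bool:
    """Apply a policy the way a post-verification hook would."""
    try:
        return authorize_fn(peer_spiffe_id)
    except ValueError:
        return False  # a malformed peer ID never passes any policy


if __name__ == "__main__":
    policy = authorize_id("spiffe://example.org/client-service")
    print(check_peer(policy, "spiffe://example.org/client-service"))
    print(check_peer(policy, "spiffe://example.org/client-service/extra"))
```

Note that authorize_id rejects IDs that merely share a path prefix, and authorize_member_of ignores the path entirely; choose the narrowest policy that fits the workload.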
Contributing
We welcome contributions to the spiffe-tls package! Please see our contribution guidelines for more details. For feedback and issues, please submit them through the GitHub issue tracker.
Hashes for spiffe_tls-0.1.2-py3-none-any.whl