Rust SPIFFE
A Rust library for interacting with the SPIFFE Workload API.
It provides idiomatic access to SPIFFE identities and trust material, including:
- X.509 SVIDs and bundles
- JWT SVIDs and bundles
- Streaming updates (watch semantics)
- Strongly typed SPIFFE primitives compliant with the SPIFFE standards
For background on SPIFFE, see https://spiffe.io.
For the Workload API specification, see the
SPIFFE Workload API standard.
Installation
Add spiffe to your Cargo.toml:
[dependencies]
spiffe = "0.6.7"
This includes both SPIFFE core types and a Workload API client.
Quick Start
Create a Workload API client
Using an explicit socket path:
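use spiffe::WorkloadApiClient;
// Placeholder socket address; substitute your agent's Workload API endpoint.
let client = WorkloadApiClient::new_from_path("unix:///path/to/agent.sock").await?;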
Or via the SPIFFE_ENDPOINT_SOCKET environment variable:
use spiffe::WorkloadApiClient;
let client = WorkloadApiClient::default().await?;
X.509 identities
Fetch X.509 materials directly
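use spiffe::{TrustDomain, X509Context};
let svid = client.fetch_x509_svid().await?;
let bundles = client.fetch_x509_bundles().await?;
let context: X509Context = client.fetch_x509_context().await?;
// "example.org" is a sample trust domain name.
let trust_domain = TrustDomain::try_from("example.org")?;
let bundle = bundles.get_bundle(&trust_domain)?;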
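Parsing the trust domain into a typed value before using it, as in the lookup above, keeps identity checks on parsed components rather than raw strings. The following is an added, std-only sketch written for this page (not code from the spiffe crate) that applies the SPIFFE ID standard's character and segment rules and contrasts a parsed trust-domain comparison with a string-prefix check; `ParsedId`, `parse_spiffe_id`, `peer_in_trust_domain`, `naive_prefix_check` and the sample IDs are hypothetical names and constructed values.

```rust
// Added example: std-only sketch, not the spiffe crate's implementation.
#[derive(Debug, PartialEq)]
pub struct ParsedId {
    pub trust_domain: String,
    pub path: String,
}

/// Parse a SPIFFE ID using the SPIFFE ID standard's character and segment rules.
pub fn parse_spiffe_id(id: &str) -> Result<ParsedId, &'static str> {
    if id.len() > 2048 {
        return Err("longer than 2048 bytes"); // this sketch rejects oversized IDs
    }
    let rest = id.strip_prefix("spiffe://").ok_or("scheme must be spiffe://")?;
    let (td, path) = match rest.find('/') {
        Some(i) => rest.split_at(i),
        None => (rest, ""),
    };
    // Trust domain: lowercase letters, digits, '.', '-', '_' only.
    let td_ok = |c: char| c.is_ascii_lowercase() || c.is_ascii_digit() || "._-".contains(c);
    if td.is_empty() || td.len() > 255 || !td.chars().all(td_ok) {
        return Err("invalid trust domain");
    }
    // Segments: letters, digits, '.', '-', '_'; never empty (so no trailing '/'), "." or "..".
    let seg_ok = |c: char| c.is_ascii_alphanumeric() || "._-".contains(c);
    if !path.is_empty() {
        for seg in path[1..].split('/') {
            if seg.is_empty() || seg == "." || seg == ".." || !seg.chars().all(seg_ok) {
                return Err("invalid path segment");
            }
        }
    }
    Ok(ParsedId { trust_domain: td.to_string(), path: path.to_string() })
}

/// Accept a peer only if its ID parses and its trust domain equals the expected one.
pub fn peer_in_trust_domain(peer_id: &str, expected_td: &str) -> bool {
    matches!(parse_spiffe_id(peer_id), Ok(p) if p.trust_domain == expected_td)
}

/// The fragile alternative: comparing a raw string prefix.
pub fn naive_prefix_check(peer_id: &str, expected_td: &str) -> bool {
    peer_id.starts_with(&format!("spiffe://{}", expected_td))
}

fn main() {
    for id in ["spiffe://example.org/api", "spiffe://example.org.other.test/api"] { // constructed IDs
        println!("{}: {} {}", id, peer_in_trust_domain(id, "example.org"), naive_prefix_check(id, "example.org"));
    }
}
```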
Watch for updates
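let mut stream = client.stream_x509_contexts().await?;
while let Some(update) = stream.next().await {
    // Handle the updated X.509 context here (`.next()` needs a StreamExt trait in scope).
}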
X509Source (recommended)
X509Source maintains a locally cached, automatically refreshed view of X.509
SVIDs and bundles.
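use spiffe::X509Source;
let source = X509Source::new().await?;
// Default SVID
let svid = source.get_svid()?.expect("no X.509 SVID available");
// Bundle for a trust domain (`trust_domain` is a parsed TrustDomain, as in the earlier snippet)
let bundle = source
    .get_bundle_for_trust_domain(&trust_domain)?
    .expect("no bundle for this trust domain");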
JWT identities
Fetch and validate JWT SVIDs
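use spiffe::SpiffeId;
// Sample SPIFFE ID and audience values.
let spiffe_id = SpiffeId::try_from("spiffe://example.org/my-service")?;
let jwt = client
    .fetch_jwt_svid(&["audience1"], Some(&spiffe_id))
    .await?;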
Fetch JWT bundles
use spiffe::TrustDomain;
let bundles = client.fetch_jwt_bundles().await?;
let trust_domain = TrustDomain::try_from("example.org")?; // sample trust domain name
let bundle = bundles.get_bundle(&trust_domain)?;
Watch JWT bundle updates
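let mut stream = client.stream_jwt_bundles().await?;
while let Some(update) = stream.next().await {
    // Handle the updated JWT bundle set here (`.next()` needs a StreamExt trait in scope).
}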
Documentation
API documentation and additional examples are available on docs.rs.
License
Licensed under the Apache License, Version 2.0. See LICENSE for details.