Project Galadriel, or just Galadriel, is an open source project that enables scalable and easy configuration of Federation relationships among SPIRE Servers. It works as a central hub for managing and auditing Federation relationships.
- Alternative approach to SPIRE Federation: it's built on top of SPIRE APIs to facilitate foreign Trust Bundle management.
- Multi-tenant: multiple organizations can leverage the same Galadriel deployment, while ensuring data and operations isolation.
- Federation at scale: configuring federation across multiple SPIRE Servers should be easy and secure by default; that is Galadriel's main focus.
- Central hub: it's a central place where federation relationships can be defined and audited.
- Not a replacement for SPIRE/SPIFFE Federation: it doesn't replace SPIRE Federation, it leverages what's already built in there.
- Not a SPIRE plugin: it's deployed as a separate component, not as a SPIRE plugin.
- Learn how to run the Proof of Concept (v0.1.0) here
- Configuration and CLI Usage instructions
Project Galadriel is an open source project under the Apache 2 license, and as such, any kind of contribution is welcome, whether documentation, new features, bug fixes, issues, etc. Check out our Contributing guidelines to learn how we manage contributions, and the Governance policy to learn about the different roles in the project.
Project Galadriel has currently reached the Proof of Concept milestone (v0.1.0). Refer to the Roadmap to learn what's next.
Please feel free to check out our Design Document, where you can find more information about the architecture and future plans for Galadriel. Comments and suggestions are welcome and highly appreciated.
- SPIRE Bridge: an Alternative Approach to SPIFFE Federation - Juliano Fantozzi, Maximiliano Churichi / SPIFFE Community Day Fall 2022 (October 2022) / video, slides, demo
- Galadriel - A SPIRE Federation Alternative - William Barrera Fuentes / HPE Developer Community (October 2022) / blog post
Please refer to the Security policy to learn more about security updates and reporting potential vulnerabilities.