Spiffe 0.0.1

Prefix Reserved

dotnet add package Spiffe --version 0.0.1

NuGet\Install-Package Spiffe -Version 0.0.1

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="Spiffe" Version="0.0.1" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="Spiffe" Version="0.0.1" />
                    

                            Directory.Packages.props

<PackageReference Include="Spiffe" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add Spiffe --version 0.0.1

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: Spiffe, 0.0.1"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package Spiffe@0.0.1

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=Spiffe&version=0.0.1
                    

                            Install as a Cake Addin

#tool nuget:?package=Spiffe&version=0.0.1
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

C# SPIFFE Library

Overview

The C# SPIFFE library provides functionality to interact with the Workload API to fetch X.509 and JWT SVIDs and Bundles.

C# implementation of spiffe/go-spiffe.

This library requires .NET 8.0 or higher.

NuGet Package

IMPORTANT
This is a prerelease version and it's not ready for use in production.

Quick Start

Start SPIRE or another SPIFFE Workload API implementation.

To create an mTLS Kestrel server:

WebApplicationBuilder builder = WebApplication.CreateBuilder();
using GrpcChannel channel = GrpcChannelFactory.CreateChannel("unix:///tmp/agent.sock");
IWorkloadApiClient client = WorkloadApiClient.Create(channel);
using X509Source x509Source = await X509Source.CreateAsync(client);
builder.WebHost.UseKestrel(kestrel =>
{
    kestrel.Listen(IPAddress.Any, 8443, listenOptions =>
    {
        listenOptions.UseHttps(new TlsHandshakeCallbackOptions
        {
            // Configure mTLS server options
            OnConnection = ctx => ValueTask.FromResult(
                SpiffeSslConfig.GetMtlsServerOptions(x509Source, Authorizers.AuthorizeAny())),
        });
    });
});

To dial an mTLS server:

GrpcChannel channel = GrpcChannelFactory.CreateChannel("unix:///tmp/agent.sock");
IWorkloadApiClient client = WorkloadApiClient.Create(channel);
X509Source x509Source = await X509Source.CreateAsync(client);
HttpClient http = new(new SocketsHttpHandler()
{
    // Configure mTLS client options
    SslOptions = SpiffeSslConfig.GetMtlsClientOptions(x509Source, Authorizers.AuthorizeAny()),
});

The client and server obtain X509-SVIDs and X.509 bundles from the SPIFFE Workload API. The X509-SVIDs are presented by each peer and authenticated against the X.509 bundles. Both sides continue to be updated with X509-SVIDs and X.509 bundles streamed from the Workload API (e.g. secret rotation).

Examples

The samples directory contains examples for a variety of circumstances.

Product	Compatible and additional computed target framework versions.
.NET	net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Product

.NET

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net8.0
- Google.Protobuf (>= 3.30.2)
- Grpc.Net.Client (>= 2.70.0)
- Microsoft.IdentityModel.JsonWebTokens (>= 8.8.0)
net9.0
- Google.Protobuf (>= 3.30.2)
- Grpc.Net.Client (>= 2.70.0)
- Microsoft.IdentityModel.JsonWebTokens (>= 8.8.0)

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
0.0.1	410	4/15/2025
0.0.1-beta.11	91	2/26/2025
0.0.1-beta.10	194	11/6/2024
0.0.1-beta.9	71	11/6/2024
0.0.1-beta.6	71	8/27/2024
0.0.1-beta.5	84	4/7/2024
0.0.1-beta.4	88	3/23/2024
0.0.1-beta.3	84	3/23/2024
0.0.1-beta.2	84	3/23/2024
0.0.1-beta.1	83	3/23/2024