Roadmap

Andrew Harding edited this page May 20, 2020 · 17 revisions

Coming up

  • Break-glass mode to temporarily allow expired certificates while troubleshooting infrastructure unavailability
  • Refactor the SPIRE Server APIs to be more granular, approachable, clear in purpose, and generalized
  • Documentation and integrations for critical use cases
  • Improve client libraries (Go and Java)
  • Simplify upgrades to new versions and simplify technical debt around datastore plugins

Medium-Term

  • Key Revocation and Forced Rotation
  • Ensure error messages point toward a resolution
  • Productionize Kubernetes deployments to adhere to security best practices
  • Expand support of TPM node attestation to provide first-class verification and identification of TPM metadata
  • Improve health-check subsystem
  • Define how core SPIRE exposes service facilities to plugins and how plugins expose services that SPIRE core can utilize in exchange

Long-Term

  • Use SPIRE on workloads running on platforms where installing an agent is not possible
  • Support for supply chain provenance attestation by verification of binary signing (TUF, in-toto)
  • Secretless authentication to Google Compute Platform by expanding OIDC Federation integration support
  • Secretless authentication to Microsoft Azure by expanding OIDC Federation integration support
  • Support for Transitive Identity