Workload Identity Hub

Cross-cloud identity federation.

Federate workload identities across clouds. SPIFFE-based identity for services, pods, and VMs. No long-lived credentials.

SPIFFE · Hub · AWS · GCP · Azure · K8s

SPIFFE Standard

No long-lived Creds

Federated Multi-cloud

Hardware Attestation

Identity, everywhere.

SPIFFE workload identity. Cross-cloud.

SPIFFE identity

Standard SPIFFE identity for every workload.

No static creds

Short-lived SVIDs instead of API keys.

Cross-cloud

Federate identities across AWS, GCP, Azure.

Hardware attestation

TPM-based workload attestation.

K8s native

Native integration with Kubernetes pod identity.

Policy engine

OPA-based authorization for workload access.

Getting started

Launch your first instance in three steps. CLI, console, or API — your choice.

Terminal
ur security wid register my-svc \
  --spiffe-id="spiffe://org/my-svc" \
  --attestation=k8s-sat

WID patterns.

Multi-cloud and service mesh identity.

Multi-cloud identity

Federated service identity across clouds.


Suggested configuration

SPIFFE · Cross-cloud · No static creds

Estimate your costs

Create detailed configurations to see exactly how much your architecture will cost. Pay for what you use, down to the second.

Configuration 1

Estimated: $212.00/mo

Workload Identity

Processing Volume

GB/mo

Add-ons

Compliance Reports: SOC 2, HIPAA, PCI-DSS reporting
Config 1 cost: $212.00

Cost details

$212.00

Unified identity for multi-cloud and hybrid workloads.

Configuration 1: $212.00
100 Protected Resource(s): $200.00
Event Processing: $10.00
30-day Log Retention: $2.00

Works seamlessly with

IAM
CA
ZTNA
Audit
Mesh
Monitor

Frequently asked questions

Identity, everywhere.

SPIFFE workload identity. No static credentials.