Roadmap

Near-Term

• Support for JWT-SVID in Nested SPIRE Topologies
• An updated version of SPIRE Management APIs
• Expand existing client libraries (Go-spiffe)

Medium-Term

• Key Revocation and Forced Rotation
• Clustering of SPIRE Servers without the use of an external database
• Support for supply chain provenance attestation by verification of binary signing (TUF, in-toto)
• Expand support of TPM node attestation to provide first-class verification and identification of TPM metadata

Long-Term

• Use SPIRE on workloads running on platforms where installing an agent is not possible
• Secretless authentication to Google Compute Platform by expanding OIDC Federation integration support
• Secretless authentication to Microsoft Azure by expanding OIDC Federation integration support