SPIFFE (Secure Production Identity Framework For Everyone) is an open source standard for giving identities to services in dynamic and heterogeneous environments. SPIRE is an implementation of SPIFFE that provides a solid bedrock for secure infrastructure – at least that’s what we hope! In this talk, we’ll attempt to rationalize that notion. We’ll introduce a formalized threat model for SPIRE and show how it helps suggest practical security improvements. First, we’ll introduce the components of SPIFFE and show how applications can use it to build secure service-level authorization systems. Then we’ll show how the components of SPIRE work together to enforce useful security properties. Finally, we’ll walk through our findings and show some of the incremental improvements we’ve made to strengthen SPIRE.