Cloud Native Security Glossary

Definitions for SPIFFE, SPIRE, Zero Trust, workload identity, mTLS, OPA, Falco, and more cloud-native security terms.

Use this glossary when reading CodersSecret courses, security guides, and production architecture articles. Each term links to a concise explanation and related operational context.

• SPIFFE: Secure Production Identity Framework For Everyone — CNCF standard for workload identity.
• SPIRE: SPIFFE Runtime Environment — production implementation that issues and manages workload identities.
• Zero Trust: Security architecture: never trust, always verify. Every request authenticated regardless of network location.
• Workload Identity: Cryptographic identity for services and containers — replaces shared secrets and API keys.
• mTLS: Mutual TLS — both client and server verify certificates. Foundation of Zero Trust communication.
• SVID: SPIFFE Verifiable Identity Document — X.509 certificate or JWT proving workload identity.
• OPA: Open Policy Agent — CNCF policy engine for policy-as-code with Rego language. Practical definition for cloud-native security, platform engineering, and production architecture decisions.
• Falco: CNCF runtime security tool — monitors syscalls and alerts on suspicious container behavior.
• Service Mesh: Infrastructure layer of sidecar proxies handling mTLS, load balancing, and observability.
• Sigstore: Keyless container image signing and verification for supply chain security. Practical definition for cloud-native security, platform engineering, and production architecture decisions.