Automic VaultAutomic Vault

brew

Install spiffe-helper with Homebrew, Nix

Tool that can be used to retrieve and manage SVIDs on behalf of a workload. Version 0.11.0 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install spiffe-helper

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#spiffe-helper

nixpkgs package indexes · pkgs/by-name/sp/spiffe-helper/package.nix · source: api.github.com

overview

Package summary

Tool that can be used to retrieve and manage SVIDs on behalf of a workload

Commands and aliases

  • spiffe-helper

history

Project history and usage

SPIFFE Helper is a small command-line utility in the SPIFFE ecosystem for fetching and renewing SVID material from the SPIFFE Workload API on behalf of another process.

Project history

The public GitHub repository was created in October 2017. Its README describes the tool as a helper that fetches X.509 SVID certificates, launches or signals a process that uses them, and refreshes certificates before expiry.

Adoption history

Its package-manager footprint is niche but practical: the input records Homebrew and Nix packages, matching the kind of operator tool that appears in Unix package sets once workload identity moves from platform design into day-to-day deployment.

How it is used

Typical use is `spiffe-helper -config <config_file>`, with `helper.conf` as the documented default. The README documents daemon and one-shot modes, file output under a configured certificate directory, and integration patterns where a supervisor such as systemd owns the real service.

Why package nerds care

Package maintainers care about SPIFFE Helper because it turns SPIFFE/SPIRE workload identity into ordinary files and signals: a familiar Unix packaging surface for certificates, keys, bundles, and reload hooks.

Timeline

  • 2017: Public GitHub repository created.
  • 2025: v0.10.0 added health-server related changes in the release notes.
  • 2025: v0.11.0 release notes include a new `-version` flag.

Related projects

  • SPIFFE
  • SPIRE
  • go-spiffe
  • systemd
  • ghostunnel

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
helper.conf

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
certs/svid.pemcerts/svid_key.pemcerts/svid_bundle.pemcerts/jwt_svid.tokencerts/bundle.json

executables

Installed executables

CommandKindExposureNote
spiffe-helpercliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version0.11.0
manager updated
local dataok
upstreamcurrent
latest detectedv0.11.0

https://github.com/spiffe/spiffe-helper

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:spiffe-helper
Version0.11.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/spiffe-helper
Homepagehttps://github.com/spiffe/spiffe-helper
Repositoryhttps://github.com/spiffe/spiffe-helper
Upstream docshttps://github.com/spiffe/spiffe-helper#readme
LicenseApache-2.0
Source archivehttps://github.com/spiffe/spiffe-helper/archive/refs/tags/v0.11.0.tar.gz
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namespiffe-helper
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

spiffe-helper

nix profile install nixpkgs#spiffe-helper
  • normalized package name match
  • Matched by: Spiffe Helper
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/sp/spiffe-helper/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment