- Support for using Google Cloud Key Management Service to create, maintain, and rotate server key pairs
- Ability to have separate X.509-SVID and JWT-SVID TTLs, which can be configured both at the entry-level and server default level
- Experimental support for limiting the number of SVIDs in the agent's cache
- Experimental Windows support
- Key Revocation and Forced Rotation (In Progress)
- Provide a turn-key Kubernetes experience that adheres to security best practices (In Progress)
- Deprecate the Notifier plugin interface in favor of a BundlePublisher interface, implementing plugins that push bundles to remote locations (In Progress)
- Support for supply chain provenance attestation by verification of binary signing (e.g. TUF/notary/in-toto metadata validation)
- Secretless authentication to Google Cloud Platform by expanding OIDC Federation integration support
- Re-evaluate SPIRE Server API authorization
- Ensure error messages point the operator toward a resolution
- Secretless authentication to Microsoft Azure by expanding OIDC Federation integration support
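The separate X.509-SVID and JWT-SVID TTLs above are set at two levels: a server-wide default in `server.conf` and a per-entry override on the registration entry. The following is an added example of the server-side defaults, written for this page and not taken from the SPIRE repository; the option names `default_x509_svid_ttl` and `default_jwt_svid_ttl` are the SPIRE server configuration keys, while the trust domain, address and `ca_ttl` values are placeholders chosen for illustration.

```hcl
server {
    # Placeholder values for illustration.
    bind_address  = "127.0.0.1"
    bind_port     = "8081"
    trust_domain  = "example.org"
    data_dir      = "./.data"
    log_level     = "INFO"

    # Lifetime of the server's signing CA. Keep both SVID TTLs well below this,
    # since an SVID cannot outlive the CA that signed it; SPIRE warns when the
    # default SVID TTL is too close to ca_ttl.
    ca_ttl = "24h"

    # Server-wide defaults used when a registration entry sets no TTL of its own.
    # X.509-SVIDs are rotated by the agent and can afford a longer lifetime;
    # JWT-SVIDs are bearer tokens and should expire quickly.
    default_x509_svid_ttl = "1h"
    default_jwt_svid_ttl  = "5m"
}
```

A registration entry overrides either default independently, for example `spire-server entry create -parentID spiffe://example.org/agent -spiffeID spiffe://example.org/payments -selector k8s:ns:payments -x509SVIDTTL 30m -jwtSVIDTTL 2m`; omitting one flag leaves that SVID type on the server default. The single `-ttl` flag and `default_svid_ttl` setting apply one value to both types and are deprecated in favor of the split settings.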
Thank you to @anjaltelang for helping the SPIRE team keep this roadmap accurate and up-to-date 🎉