Cofide Go SDK

cofide-sdk-go is an open source Go SDK for building SPIFFE-native applications with Cofide Connect. It provides drop-in HTTP client and server wrappers with automatic SPIFFE-based mTLS, along with utilities for working with SPIFFE IDs.

Installation

go get github.com/cofide/cofide-sdk-go

Important

The SDK requires the SPIFFE Workload API socket to be available in the environment (e.g. via spiffe-enable) before connections are made.

HTTP Client

The http/client package extends the Go standard library http.Client with automatic SPIFFE-based mTLS. On first use it will await the SPIFFE Workload API to become ready, fetch the workload’s X.509 SVID, and seamlessly configure the transport for mutual TLS. HTTP URLs are automatically upgraded to HTTPS.

import (
    "log"
    cofideclient "github.com/cofide/cofide-sdk-go/http/client"
)

client := cofideclient.NewClient()

resp, err := client.Get("http://other-service.production.svc.cluster.local/api/v1/resource")
if err != nil {
    log.Fatal(err)
}
defer resp.Body.Close()

This implementation conforms to the same interface as http.Client — Do, Get, Head, Post, and PostForm — therefore it can be used as a direct replacement with no other code or configuration changes.

HTTP Server

Similarly, the Cofide SDK http/server package extends Go’s http.Server to serve over mTLS. Pass your existing http.Server value to NewServer and the SDK injects the SPIFFE-derived TLS configuration before the listener starts.

import (
    "log"
    "net/http"
    cofideserver "github.com/cofide/cofide-sdk-go/http/server"
)

mux := http.NewServeMux()
// Register your handler function
mux.HandleFunc("/api/v1/resource", handler)

srv := cofideserver.NewServer(&http.Server{
    Addr:    ":8443",
    Handler: mux,
})

if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
    log.Fatal(err)
}

For a complete example of a client and server communicating over SPIFFE-based mTLS using the Cofide Go SDK, see the ping-pong-cofide demo in the cofide-demos repository.

SPIFFE ID Utilities

The pkg/id package provides an extended SPIFFE ID utility, which encodes structured metadata as key-value path segments in the ID:

spiffe://<trust-domain>/<key>/<value>/<key>/<value>/...

import (
    "log"
    "github.com/cofide/cofide-sdk-go/pkg/id"
)

// Create a new SPIFFE ID from a trust domain and key-value attributes.
spiffeID, err := id.NewID("example.org", map[string]string{
    "ns": "production",
    "sa": "billing",
})
if err != nil {
    log.Fatal(err)
}
// spiffe://example.org/ns/production/sa/billing

// Parse an existing SPIFFE ID string.
parsed, err := id.ParseID("spiffe://example.org/ns/production/sa/billing")
if err != nil {
    log.Fatal(err)
}

// Retrieve the key-value attributes from the path.
attrs, err := id.ParsePath(parsed)
if err != nil {
    log.Fatal(err)
}
// map[string]string{"ns": "production", "sa": "billing"}