Skip to main content

Network Requirements

Defakto components connect to the following public endpoints. Ensure these are accessible from your environment before proceeding with installation. You may need to allow list these endpoints in egress filtering systems for your organization.

Management tooling

These endpoints are used by Defakto's web UI and spirlctl.

EndpointPurpose
api.spirl.com:443Management API
app.spirl.com:443Management web UI
auth.api.spirl.com:443Authentication for web and CLI

Self-hosted Trust Domain Server

Self-hosted Trust Domain Servers will connect to these endpoints.

EndpointPurpose
auth.cp.spirl.com:443Authenticates a server with the Control Plane
events.cp.spirl.com:443Receives events (e.g. SVID issuance) from servers
relay-web.cp.spirl.com:443Persistent management connection to the Control Plane

Hosted Trust Domain Server

Defakto Agents connecting to a hosted Trust Domain Server need access to these endpoints.

EndpointPurpose
*.agent.spirl.com:443Agent API provided by the Trust Domain Server

Federation

Defakto's federation infrastructure is hosted at these endpoints

EndpointPurpose
fed.spirl.org:443SPIFFE Bundle and OIDC metadata