Skip to main content

Network Requirements

Defakto components connect to the following public endpoints. Ensure these are accessible from your environment before proceeding with installation. You may need to allow list these endpoints in egress filtering systems for your organization.

Management tooling

These endpoints are used by Defakto's web UI and spirlctl.

EndpointPurpose
api.defakto.security:443Management API (console.defakto.security)
console.defakto.security:443Management web UI
auth.api.defakto.security:443Authentication for the web UI
api.spirl.com:443Management API (legacy app.spirl.com console)
app.spirl.com:443Legacy management web UI
auth.api.spirl.com:443Authentication for the spirlctl CLI and legacy web UI

Self-hosted Trust Domain Server

Self-hosted Trust Domain Servers will connect to these endpoints.

EndpointPurpose
auth.cp.spirl.com:443Authenticates a server with the Control Plane
events.cp.spirl.com:443Receives events (e.g. SVID issuance) from servers
relay-web.cp.spirl.com:443Persistent management connection to the Control Plane

Hosted Trust Domain Server

Defakto Agents connecting to a hosted Trust Domain Server need access to these endpoints.

EndpointPurpose
*.agent.spirl.com:443Agent API provided by the Trust Domain Server

Federation

Defakto's federation infrastructure is hosted at these endpoints

EndpointPurpose
fed.spirl.org:443SPIFFE Bundle and OIDC metadata