Skip to main content

Create a SPIFFE Trust Domain

To provision a new Defakto-managed trust domain, type the following:

./spirlctl trust-domain create example.com --managed
note

The --managed flag creates a Defakto-hosted trust domain. Without it, a self-hosted trust domain is created by default. To deploy a self-hosted Trust Domain Server instead, see the self-hosted installation guide.

On success you'll see:

Managed trust domain 'example.com' created successfully
ID: td-xxxxxxxxxx
warning

Choose trust domain names carefully. They become part of all SPIFFE IDs issued within the domain and cannot be easily changed later.

Verify the trust domain is ready with:

./spirlctl trust-domain list

Look for available in the State column — that indicates the trust domain is ready to use:

Name         ID             State      SPIRL-hosted  Clusters  Federations  Agents
example.com  td-xxxxxxxxxx  available  true          0/0       0/0          0