Designer
Per-Agent Identity & Zero-Trust Governance
Each agent gets a distinct user, secret scope, and ServiceAccount. Same primitives any enterprise already uses for humans — applied to agents.
summary
Each AI agent gets a distinct user, secrets scope, and ServiceAccount. Narrowly scoped policies prevent lateral movement; compromise of one agent identity does not enable compromise of others.
highlights
- OIDC + AppRole + kubernetes-auth as the same control plane for human and agent principals.
- Per-agent KV-path scoping; cross-agent secret reads explicitly denied.
- Audit attribution stays meaningful — every privileged action is traceable to a specific agent identity.
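As an added illustration (not the project's own configuration) of the per-agent KV-path scoping described above, the Vault policy below gives one hypothetical agent, `agent-a`, read access only to its own KV v2 subtree and explicitly denies the sibling agents' paths. The mount name `secret`, the `agents/<agent>/` path layout and the agent names are assumptions for this example.

```hcl
# Vault policy "agent-a": one policy per agent identity.
# KV v2 mount "secret", per-agent subtree secret/data/agents/<agent>/ (assumed layout).

# Read own secrets only.
path "secret/data/agents/agent-a/*" {
  capabilities = ["read"]
}

# Allow listing own subtree (KV v2 lists live under metadata/).
path "secret/metadata/agents/agent-a/*" {
  capabilities = ["list"]
}

# Explicitly deny every other agent's subtree. Vault is default-deny, so this
# is belt and braces: it documents the intent and still holds if a broader
# shared policy is ever attached to the same token. Vault resolves the most
# specific matching path, so the agent-a rules above win for agent-a's own
# paths while anything else under agents/ is refused.
path "secret/data/agents/*" {
  capabilities = ["deny"]
}

path "secret/metadata/agents/*" {
  capabilities = ["deny"]
}

# No cross-agent lateral movement: an agent-a token cannot read, list, create
# or delete secret/data/agents/agent-b/... even if someone hands it the path.
```

The policy is bound to a single workload through the kubernetes auth method: a role such as `auth/kubernetes/role/agent-a` with `bound_service_account_names=agent-a`, `bound_service_account_namespaces=<agent namespace>` and `token_policies=agent-a`, so only the `agent-a` ServiceAccount's projected token can obtain a Vault token carrying this policy. Because each token's entity and policy set are recorded in the Vault audit log, every secret read stays attributable to exactly one agent identity; a read attempt against another agent's subtree shows up as a denied request under that agent's entity, which is the signal to alert on.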
stack
Vault, Kubernetes RBAC, OPA, OIDC