AI Agents Guide

Agent Identity

Create and manage cryptographic identities for AI agents with embedded permissions and safety constraints.

Estimated time: 10 minutes

Key Features

Short-lived certificates (1 hour default TTL)

Unique agent identifiers for audit trails

Embedded permissions and constraints

Automatic credential rotation

Certificate revocation support

Integration with existing PKI

Create Agent Identity

tacctl agents create \
  --name="data-analyzer" \
  --description="AI agent for data analysis" \
  --owner="ml-team@company.com"

Assign Permissions

tacctl agents permissions set data-analyzer \
  --allow="database:read:analytics-*" \
  --allow="api:invoke:reporting/*" \
  --deny="database:write:*"

Generate Credentials

# Via CLI
tacctl agents credentials data-analyzer --ttl=1h

# Via SDK
creds = ta.agents.get("data-analyzer").get_credentials(
    ttl="1h",
    reason="Scheduled data analysis job"
)

Next Steps

Now that your agent has an identity, configure safety controls.

Configure Safety Controls