apd
Short-lived cryptographic identities for AI agents — no API keys, no shared secrets.
- ~11 MB
- distroless image
- 69
- tests incl. e2e
- draft-09
- AAuth spec tracked
- 3
- storage backends
apd implements the Agent Provider role of the AAuth protocol family (IETF
drafts): it issues short-lived Ed25519 agent tokens that bind a signing key
to a stable identity like aauth:local@your-domain, and publishes the JWKS
anyone needs to verify those tokens statelessly. Relying parties never call
apd — verification is pure cryptography.
The result is agent identity without API keys: a workload proves itself once (Kubernetes service account, CI OIDC, PKI, SPIFFE — secret-free federated enrollment), gets a token measured in minutes, and signs its requests per RFC 9421. Revocation is a non-event; the token expires on its own.
It is honestly labeled a sandbox project: the spec it tracks is a moving draft, and the implementation moves with it. The crypto core is tested against the RFC 8037/7638/7515 vectors, and the whole thing ships as a single self-hosted binary that grows into a Redis-backed fleet.
In the stack, apd is the identity layer agentd authenticates with and agentctl provisions automatically per-agent.