apd

Short-lived cryptographic identities for AI agents — no API keys, no shared secrets.

sandboxIdentity & securityMIT OR Apache-2.0
~11 MB
distroless image
69
tests incl. e2e
draft-09
AAuth spec tracked
3
storage backends

apd implements the Agent Provider role of the AAuth protocol family (IETF drafts): it issues short-lived Ed25519 agent tokens that bind a signing key to a stable identity like aauth:local@your-domain, and publishes the JWKS anyone needs to verify those tokens statelessly. Relying parties never call apd — verification is pure cryptography.

The result is agent identity without API keys: a workload proves itself once (Kubernetes service account, CI OIDC, PKI, SPIFFE — secret-free federated enrollment), gets a token measured in minutes, and signs its requests per RFC 9421. Revocation is a non-event; the token expires on its own.

It is honestly labeled a sandbox project: the spec it tracks is a moving draft, and the implementation moves with it. The crypto core is tested against the RFC 8037/7638/7515 vectors, and the whole thing ships as a single self-hosted binary that grows into a Redis-backed fleet.

In the stack, apd is the identity layer agentd authenticates with and agentctl provisions automatically per-agent.

Related projects