Comment by tuananh
12 hours ago
how do you deal with "access to the proxy"? because one can access maliciously without accessing to the token/secret.
12 hours ago
how do you deal with "access to the proxy"? because one can access maliciously without accessing to the token/secret.
Agent Vault should remain in close proximity to the sandboxed agent and not be exposed to the public internet; your standard network security controls apply.
The proxy itself currently implements a token-based auth scheme. Depending on your setup, you can have an orchestrator mint an ephemeral token to be passed to a sandboxed agent to authenticate with the proxy.
this feels like vpn all over again. the location shouldn't grant any inherent trust.
[dead]