Agentic Access Management

A key opens the door forever. A latch opens once.

Cipherlatch is the broker between your AI agents and everything they can reach. Instead of a standing key, each agent presents a scoped, verifiable cipher for a single request — the latch opens for minutes, then closes. Keys stay in your custody; revoke any agent in one call.

AGPL-3.0 core FIPS-mode crypto Self-hosted or managed
credential broker · live
no long-lived secrets issued ● brokering

The exposure

Every agent you deploy is an identity you can't see, scope, or shut off.

Agents authenticate with the credentials a human handed them: a long-lived API key, a service-account secret, an OAuth refresh token. Multiply that across every tool an agent touches and you've built an access surface no one owns and no audit can reconstruct.

RISK 01

Standing secrets, unbounded blast radius

A leaked agent key is valid until someone notices and rotates it by hand. Until then it carries every permission the agent was ever granted.

RISK 02

No least privilege

Agents inherit broad, static roles because scoping each call is impractical. One prompt-injected agent reaches everything the credential can.

RISK 03

Nothing to hand the auditor

Which agent used which credential, against which resource, when? Without a broker in the path, the answer is reconstructed from partial logs — or not at all.

The broker in the path

Put Cipherlatch between the agent and the resource. Nothing standing ever leaves.

Agents don't hold credentials — they ask Cipherlatch for access at the moment of use. The broker mints a short-lived, cryptographically bound token scoped to that request, records it, and can kill it instantly.

STEP 01

Agent requests access

The agent presents its own workload identity — no shared secret. Cipherlatch authenticates it against your IdP or a SPIFFE/OIDC federation trust.

SPIFFEOIDC federationSCIM 2.0
STEP 02

Broker issues scoped, short-lived credentials

Policy decides what's allowed, then Cipherlatch mints a sender-constrained token bound to the caller and scoped to the resource. It expires in minutes.

DPoPprivate_key_jwtOPA / Cedar
STEP 03

Revoke and prove it

Kill a credential, an agent, or a tenant in one call — the blast radius closes immediately. Every issue, deny, and revoke lands in a tamper-evident log.

Instant revocationAudit logRate + quota

What you control

The governance surface a security review actually asks about.

Cipherlatch maps to the controls you already have to answer for — least privilege, key custody, provisioning, separation of duties, and evidence.

Instant revocation

Revoke a single credential, a whole agent, or an entire tenant in one call. No waiting on token expiry, no manual key rotation.

credential · agent · tenant scope

Key custody, on your terms

Per-tenant keyrings backed by cloud KMS or HSM. Keys are generated, wrapped, and rotated inside a boundary you own — agents never see them.

HSM · cloud-KMS · AES-256-GCM

Federated workload identity

Trust agents by who they are, not by a shared secret. SPIFFE and OIDC federation let workloads across clusters and clouds authenticate directly.

SPIFFE · OIDC federation

Policy at the gateway

Every request passes an OPA or Cedar decision before a credential is minted. Rate limits and quotas cap what a compromised agent can do.

OPA · Cedar · rate + quota

Lifecycle provisioning

SCIM 2.0 syncs agents and owners from your directory, with owner-suspension that cascades to every credential the owner controls.

SCIM 2.0 · owner-suspension

Evidence, by default

Every issue, deny, and revoke is recorded with the caller, the scope, and the policy decision — configurable logging that satisfies the audit, not just the on-call.

FIPS-mode · tamper-evident log
audit stream · cipherlatch.com live
10:42:07.118 ISSUE svc-etl → postgres/prod scope=read:ledger ttl=5m dpop=ok
10:42:07.401 ALLOW policy=cedar/least-priv decision=permit q=812/5000
10:42:09.930 DENY llm-copilot → stripe/live scope=write:refund reason=out-of-policy
10:42:11.264 REVOKE agent=rpa-bot cascade=14 creds by=owner-suspension
10:42:12.088 ISSUE svc-etl → aws/s3 scope=get:reports/* ttl=3m kms=tenant-04

Open core

Run the whole broker for free. Pay only to root your keys in your own hardware.

Cipherlatch is self-hosted — your keys never leave your boundary, and we're never in a position to hold them. The commercial line isn't a paywall around SSO or basic auth; it's the HSM and per-tenant KMS backends that let you keep custody in hardware you control, at enterprise grade.

AGPL-3.0

Core

The full broker, self-hosted. No feature gates on the things every team needs.

  • Short-lived credential issuance
  • DPoP + private_key_jwt binding
  • Instant revocation + audit log
  • SPIFFE / OIDC federation, SCIM 2.0
  • Gateway policy, rate limits + quotas
  • Single sign-on — never a paid add-on

No SSO tax. No audit-log tax. You pay to keep custody in your own hardware — never to hand it to us.

Agentic Access Management

Give every agent exactly the access it needs — for exactly as long as it needs it.

Deploy the open-source broker today, or talk to us about custody-grade key handling in hardware you control.

Read the architecture