Wednesday, June 24, 2026

Advancing AI agent security in Vault

A few weeks ago, we announced native support for AI agents in HashiCorp Vault through an early access program. We’re now making these capabilities available to all Vault Enterprise customers in public preview.

As organizations deploy AI agents, one of the biggest challenges is controlling what those agents are authorized to do. Traditional identity-based permissions often grant broad access that persists beyond a single task, increasing the risk of over-authorization. 

This public preview introduces a secure-by-default approach to agent authorization that evaluates access for each request, helping organizations enforce least privilege for AI agents at scale. It also makes these capabilities easier to operationalize with improved configuration workflows and broader ecosystem support.

Enforcing authorization details by default: establishing a secure baseline 

In earlier work, we introduced ephemeral, per-request authorization to tightly scope what agents can do. This public preview builds on that foundation by making the `authorization_details` claim (part of the OAuth 2.0 Rich Authorization Requests specification) required by default for OAuth-based authentication.

Rich Authorization Requests are a new standard for this kind of per-request, permission-constrained workflow. They are defined in RFC 9396 and are part of the IETF's OAuth 2.0 specification. They enable authorization to be expressed as structured, fine-grained data within the token itself. The `authorization_details` claim carries this information, allowing access to be scoped to specific actions or resources for each request rather than relying on broad, identity-based permissions.

Vault authorization workflow is ephemeral and per-request

By requiring `authorization_details` by default, Vault establishes a secure baseline for agent-based workflows. Requests without these fine-grained authorization details are rejected unless configured otherwise. This ensures that authorization is evaluated in the context of each request, significantly reducing the risk of over-authorization.

As a result, customers can:

·      Enforce fine-grained, per-request authorization

·      Reduce reliance on broad, long-lived permissions

·      Establish clear, auditable authorization scope for each agent action

Customers can configure behavior on a per–OAuth resource server or per–agent registration basis, balancing secure-by-default behavior with the flexibility needed to integrate with their current environments.
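An added illustration (not Vault's implementation or schema) of the deny-by-default behaviour described above, applied to decoded JWT claims whose signature is assumed to be verified already. The type name, actions and secret path are constructed, and the fall-back result when the claim is not required is an assumption.

```python
def validate_details(details):
    """Return an error string if the claim is not a well-formed RFC 9396 array."""
    if not isinstance(details, list) or not details:
        return "authorization_details must be a non-empty JSON array"
    for d in details:
        # RFC 9396 section 2: every entry is an object with a string "type".
        if not isinstance(d, dict) or not isinstance(d.get("type"), str):
            return "every entry must be an object with a string 'type'"
        for field in ("actions", "locations"):
            v = d.get(field, [])
            if not isinstance(v, list) or not all(isinstance(x, str) for x in v):
                return f"'{field}' must be an array of strings"
    return None

def decide(claims, req_type, action, location, required=True):
    """Return (allowed, reason) for one request against one token's claims."""
    if "authorization_details" not in claims:
        if required:
            return False, "missing authorization_details"
        # Assumed opt-out behaviour: only identity-based policy applies.
        return True, "authorization_details not required; identity policy applies"
    details = claims["authorization_details"]
    err = validate_details(details)
    if err:
        return False, err
    for d in details:
        # Absent fields grant nothing here; RFC 9396 leaves that to each type.
        if (d["type"] == req_type and action in d.get("actions", [])
                and location in d.get("locations", [])):
            return True, f"granted by entry of type {d['type']}"
    return False, f"{action} on {location} is outside the token's scope"

# Constructed sample claims for a single agent task.
SAMPLE = {
    "sub": "agent-42",
    "authorization_details": [
        {"type": "example_secret_access", "actions": ["read"],
         "locations": ["secret/data/billing/api-key"]}
    ],
}

if __name__ == "__main__":
    print(decide(SAMPLE, "example_secret_access", "read", "secret/data/billing/api-key"))
    print(decide(SAMPLE, "example_secret_access", "write", "secret/data/billing/api-key"))
```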

Managing agent identity and OAuth resource server configuration with the Terraform Vault Provider

Establishing a secure, request-scoped authorization model is only part of the challenge. Organizations also need a consistent way to configure and manage these controls at scale.

This public preview introduces new functionality in the Terraform Vault Provider, enabling teams to manage Vault’s agentic capabilities as code.

Customers can now define and manage both agent identity and OAuth resource server configuration using infrastructure as code. These capabilities are exposed through two new resources:

·      `vault_agent_registration`

·      `vault_oauth_resource_server_config_profile`

Together, they enable a consistent model for defining how agents are registered, how requests are validated, and what access is allowed.

Manage Agent Registry records with Terraform

The `vault_agent_registration` resource allows customers to manage agent identities through the Vault Agent Registry using Terraform.

With this resource, customers can:

·      Register agents declaratively

·      Associate each agent with a Vault identity entity

·      Define ceiling policies to enforce maximum permission limits

·      Optionally disable default ceiling policies

·      Import existing registrations by display name or ID

·      Manage agent registrations consistently across Vault namespaces

This brings agent governance directly into infrastructure-as-code workflows. By defining agent registrations as code, organizations can ensure that every agent is explicitly registered, tied to a verified identity, and consistently governed by clearly defined permission limits.

Manage OAuth resource server configuration profiles with Terraform

The `vault_oauth_resource_server_config_profile` resource allows customers to define how Vault validates JWTs used during OAuth-based authentication.

With this resource, customers can:

·      Define OAuth resource server profiles declaratively

·      Configure expected JWT issuer IDs

·      Validate JWTs using either JWKS endpoints or static public keys

·      Restrict accepted audiences

·      Control supported signing algorithms

·      Specify which claim Vault uses for identity

·      Configure token validation behavior such as JWT type, clock skew, and enablement

·      Manage profiles consistently across Vault namespaces

These profiles configure Vault’s OAuth resource server behavior, defining how OAuth 2.0 JWTs are validated and used to authorize requests to Vault for agentic workflows. They ensure that incoming tokens, including any authorization detail claims, meet expected validation criteria before being used in authorization decisions. 

Alongside agent registration, this creates a model where requests are validated, mapped to an identity, and authorized within clearly defined constraints, with `authorization_details` enabling authorization to be scoped to each request. This limits access strictly to what is required for that request.
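The kinds of checks such a profile describes (issuer, audience, algorithm allowlist, JWT type, clock skew, identity claim, enablement), sketched as an added example that is not Vault's code. The `Profile` field names are hypothetical and are not the Terraform resource's arguments, the issuer, audience and timestamps are constructed, and signature verification against a JWKS or static key is assumed to happen separately.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    # Hypothetical field names; not the Terraform resource's arguments.
    issuer: str
    audiences: frozenset
    algorithms: frozenset
    jwt_type: str
    identity_claim: str
    clock_skew: int  # seconds of leeway applied to exp and nbf
    enabled: bool = True

def check_token(p, header, claims, now=None):
    """Signature assumed verified; return (identity, None) or (None, reason)."""
    now = time.time() if now is None else now
    if not p.enabled:
        return None, "profile disabled"
    # An allowlist rejects "none" and any unexpected algorithm outright.
    alg = header.get("alg")
    if not isinstance(alg, str) or alg not in p.algorithms:
        return None, "signing algorithm not allowed"
    if str(header.get("typ", "")).lower() != p.jwt_type:
        return None, "unexpected JWT type"
    if claims.get("iss") != p.issuer:
        return None, "unexpected issuer"
    aud = claims.get("aud")  # RFC 7519: a single string or an array of strings
    aud = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if not any(isinstance(a, str) and a in p.audiences for a in aud):
        return None, "audience not accepted"
    exp, nbf = claims.get("exp"), claims.get("nbf", 0)
    if not isinstance(exp, (int, float)) or now >= exp + p.clock_skew:
        return None, "token expired or exp missing"
    if not isinstance(nbf, (int, float)) or now + p.clock_skew < nbf:
        return None, "token not yet valid"
    identity = claims.get(p.identity_claim)
    if not isinstance(identity, str) or not identity:
        return None, "identity claim missing"
    return identity, None

# Constructed profile, header and claims (issuer and audience are placeholders).
PROFILE = Profile("https://idp.example.com/", frozenset({"https://vault.example.com"}),
                  frozenset({"RS256", "ES256"}), "at+jwt", "sub", 30)
HEADER = {"alg": "RS256", "typ": "at+jwt"}
CLAIMS = {"iss": "https://idp.example.com/", "aud": "https://vault.example.com",
          "sub": "agent-42", "exp": 1_000_300, "nbf": 1_000_000}
```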

Validated with identity ecosystems

As organizations integrate Vault into existing identity architectures, interoperability is critical.

Vault’s OAuth 2.0 workflows, including those using OAuth 2.0 Rich Authorization Requests, have been validated with identity platforms to support both human-in-the-loop and autonomous agent use cases. This includes validation with IdPs such as IBM Verify, Auth0, and Microsoft Entra.

These integrations demonstrate how Vault can operate within today’s identity ecosystem while enabling more advanced, agent-centric authorization models. Additional tutorials and implementation guidance will be available soon to help customers integrate Vault with their identity systems and adopt these workflows in practice.

Learn more

We are continuing to expand Vault’s agentic security capabilities and welcome direct feedback. To help shape the roadmap, consider joining the Vault Agentic Security Beta Program. Beta features are available to all customers.



from HashiCorp Blog https://ift.tt/rlQw8Ui
via IFTTT
