Security · Agent Identity & Access
3 of 7 agents hold a credential outside the standard
Every agent gets its credential from somewhere — and 3 of 7 don't meet the org credential standard. 2 carry a weak credential on a dangerous agent (Codex CLI, marketing-gpt), 2 static keys have never been rotated, and only 71% bind to an org principal. Observed from the wire — not issued or verified by qcontrol.
Credential standard
4 of 7 meet the standard · 3 exceptionsCredentials must be obtained via
- Org-backed OAuth through your IdP (SSO) — revocable, scoped, deprovisionable
- Short-lived JIT tokens minted per run (roadmap)
- Vault-issued, auto-rotated secrets for service agents (roadmap)
Not permitted
- Static API keys stored in config or .env files
- Consumer / self-serve provider accounts and unverified aliases
- Any credential with no IdP-backed, deprovisionable principal
Meet the standard
4/73 exceptions · org-backed OAuth
Compound risk
2weak cred + dangerous
Static API keys
34 on OAuth
Never rotated
2static keys, no rotation
Org-binding coverage
71%29% static / alias
Machine credentials — exceptions first
7 instrumented agents · observed, not IdP-verified · row → profile
Agent | Bound identity | Credential source | Credential risk | Rotation | Conforms |
|---|---|---|---|---|---|
Codex CLIv1.4.0 cli · dev@dev-box-7 compound | dev-7f3@duck.com unverified alias consumer — no org binding | Self-serve provider console API key · in …/.codex/config.toml | High static key on an unbacked consumer identity | never rotated no rotation on record in active use — rotate w/ coordination | exception |
marketing-gptv0.3.0 service · root@mktg-runner compound | — no telemetry identity consumer — no org binding | Static key · plaintext .env API key · in …/marketing-gpt/.env store read into context | High static key on an unbacked consumer identity | never rotated no rotation on record in active use — rotate w/ coordination | exception |
support-copilotv0.9.2 service · root@svc-support-1 | svc-support@qpoint.io org_qpoint · acct_551aa9c0ff31 provider org — not your IdP | Static key · service config API key · in …/support-copilot/agent.yaml | Elevated long-lived static key | 150d ago stale · over 90d in active use — rotate w/ coordination | exception |
Claude Codev2.1.161 cli · mark@mp-mbp | mark@qpoint.io org_qpoint · acct_7f3a91c4e0b2 provider org — not your IdP | Org IdP · enterprise OAuth OAuth (JWT) · in …/.claude/settings.json | Lower revocable OAuth, enterprise-backed | 8d ago auto-refreshed (OAuth) in active use — rotate w/ coordination | meets |
Cursorv3.5.17 ide · jane@jane-mbp | jane@qpoint.io org_qpoint · acct_22b8de01aa54 provider org — not your IdP | Org IdP · enterprise OAuth OAuth (opaque) · in …/Cursor/settings.json | Lower revocable OAuth, enterprise-backed | 11d ago auto-refreshed (OAuth) in active use — rotate w/ coordination | meets |
data-pipeline-agentv1.2.4 service · svc-data@etl-worker-2 | svc-data@qpoint.io org_qpoint · acct_99fa201bcd77 provider org — not your IdP | Org IdP · enterprise OAuth OAuth (JWT) · in …/etl/agent.yaml | Lower revocable OAuth, enterprise-backed | 22d ago auto-refreshed (OAuth) in active use — rotate w/ coordination | meets |
Claude Desktopv1.9255.2 desktop · mark@mp-mbp | mark@qpoint.io org_qpoint · acct_7f3a91c4e0b2 provider org — not your IdP | Org IdP · enterprise OAuth OAuth (JWT) · in …/Claude/config.json | Lower revocable OAuth, enterprise-backed | 15d ago auto-refreshed (OAuth) in active use — rotate w/ coordination | meets |
Exceptions lead — non-conforming rows (highlighted) draw from provider_console, config_file, plaintext_file, or unclassified sources. Governed ≠ trusted credential: an agent can be policy-bound and still carry a long-lived static key — see the compound flags. Rotation age & activity derived live from cred_last_rotated / last_api_call.
3 credentials outside the standard — fix queue
Codex CLI
Static · console
static key on an unbacked consumer identity. Rotate the key, move to org-backed OAuth, and join the alias to your IdP.
marketing-gpt
Static · .env
static key on an unbacked consumer identity. Rotate immediately and remove the key from its file — that file is itself read into model context.
support-copilot
Static · config
long-lived static key. Rotate the static key and move it to a vault; bind the service to an org principal.
Projected — controls that would close the gap to the standard
Just-in-time credentials
Mint short-lived, scoped tokens per run instead of long-lived static keys — no standing secret to leak or rotate.
SSO / SCIM join
Bind machine identities to your IdP so each agent maps to a real, deprovisionable principal — retire duck.com aliases.
Credential rotation
Detect long-lived keys, schedule rotation, and revoke on anomaly — closing the standing-credential gap automatically.
Observed, not verified — two distinctions this page keeps separate
- Governed ≠ trusted credential. An agent can be policy-bound (governed) and still carry a weak static key — see the compound flags above.
- Provider org ≠ your IdP. org_qpoint is the model provider's org, not a deprovisionable principal in your IdP. A duck.com address is a vendor alias, not an authenticated human.
Do next
Fields: cred_source · cred_risk · cred_why · cred_last_rotated · auth_method · org_id · account_uuid · config_source · sensitive_files · last_api_call — from app/data/c16-fleet.ts (instrumented agents only). Rotation age & activity derived live via new Date(); conformance via credConforms / CRED_SOURCE_META; compound via isCompoundRisk.