Security · Agent Identity
Who — and what — each agent authenticates as, and how trustworthy that credential is.
Observed, not verified
Credential class, org, and account below are read from provider telemetry — they are not issued, rotated, or IdP-verified by qcontrol. A duck.com address is a vendor-supplied alias, not an authenticated human. Treat these as machine identities (NHI) to govern, not as proof of identity.
2
high-risk credentials
static keys, unbacked
3
static API keys
4 on OAuth
2
no org binding
consumer identities
1
unverified aliases
duck.com vendor proxy
Machine credentials — sorted by credential risk
7 instrumented agentsProjected — identity controls qcontrol does not issue today
Just-in-time credentials
roadmapMint short-lived, scoped tokens per run instead of long-lived static keys — no standing secret to leak or rotate.
SSO / SCIM join
roadmapBind machine identities to your IdP so each agent maps to a real, deprovisionable principal — retire duck.com aliases.
Credential rotation
roadmapDetect long-lived keys, schedule rotation, and revoke on anomaly — closing the standing-credential gap automatically.
Fields: auth_method · cred_risk · cred_why · email · org_id · account_uuid · egress.length — from app/data/c16-fleet.ts (instrumented agents only).