Security · Agent Identity
How every agent gets its credential — and whether it meets the standard.
Govern machine identities (NHI): where each agent's credential came from, how trustworthy it is, and which agents fall outside the org credential standard. Observed from the wire — not issued or verified by qcontrol.
Bottom line
3 of 7 agents fail the credential standard — Codex CLI, marketing-gpt, support-copilot. 2 carry a weak credential on a dangerous agent, and 2 static keys have never been rotated. Move them to org-backed OAuth and rotate the static keys. Observed, not IdP-verified.
Credential standard
4 of 7 meet the standard · 3 exceptionsCredentials must be obtained via
- ✓Org-backed OAuth through your IdP (SSO) — revocable, scoped, deprovisionable
- ✓Short-lived JIT tokens minted per run (roadmap)
- ✓Vault-issued, auto-rotated secrets for service agents (roadmap)
Not permitted
- ✗Static API keys stored in config or .env files
- ✗Consumer / self-serve provider accounts and unverified aliases
- ✗Any credential with no IdP-backed, deprovisionable principal
4/7
meet the standard
3 exceptions
2
compound risk
weak cred + dangerous
3
static API keys
4 on OAuth
2
never rotated
static keys, no rotation
71%
org-binding coverage
29% static/alias
Machine credentials — exceptions first
7 instrumented agents3 credentials outside the standard — fix queue
Observed, not verified — and two distinctions this page keeps separate
- Governed ≠ trusted credential. An agent can be policy-bound (governed) and still carry a weak static key — see the “compound” flags above.
- Provider org ≠ your IdP. org_qpoint is the model provider's org, not a principal in your IdP you can deprovision. A duck.com address is a vendor alias, not an authenticated human.
Projected — controls that would close the gap to the standard
Just-in-time credentials
roadmapMint short-lived, scoped tokens per run instead of long-lived static keys — no standing secret to leak or rotate.
SSO / SCIM join
roadmapBind machine identities to your IdP so each agent maps to a real, deprovisionable principal — retire duck.com aliases.
Credential rotation
roadmapDetect long-lived keys, schedule rotation, and revoke on anomaly — closing the standing-credential gap automatically.
Fields: cred_source · cred_risk · cred_why · cred_last_rotated · auth_method · org_id · account_uuid · config_source · sensitive_files · last_api_call — from app/data/c16-fleet.ts (instrumented agents only). Rotation age & activity derived live via new Date(); conformance from CRED_SOURCE_META.