Give every AI agent a cryptographic identity and authenticated ephemeral credentials. Handle auth, delegation, policy enforcement, and secure proxying automatically. Effortlessly add identity and auth to any AI agent -- regardless of any platform, any framework, and any model.
```python
import os

# ❌ Current state: Security chaos

# 🔑 API keys scattered everywhere
os.environ["OPENAI_API_KEY"] = "sk-..."  # Same key shared across all agents

# 🤖 No agent identity - who did what? Which actions?
agent1 = YourFavoriteFramework()  # Anonymous agent (placeholder framework class)
agent2 = AnotherFramework()       # Another anonymous agent (placeholder framework class)

# 🚫 All-or-nothing permissions
agent.call_internal_api()  # Full admin access to everything
agent.call_external_api()  # Full admin access to everything

# No delegation, no policy enforcement, no audit trail
# Result: One breach = complete system compromise
```
```python
import deepsecure

# ✅ With DeepSecure: Complete security transformation

# 🔐 Cryptographic identity per agent
client = deepsecure.Client()
agent = client.agent("financial-analyst", auto_create=True)  # Ed25519 identity

# 📋 Fine-grained policy enforcement happens automatically
# When the agent fetches a secret, the gateway validates the JWT claims and enforces policy
secret = client.get_secret(
    agent_id=agent.id,
    secret_name="openai-api",
    path="/v1/chat/completions",
)
# Gateway enforces: Does this agent have OpenAI access? Rate limits? Business hours?
# Policy controls which agents can access which APIs, when, and how often

# 🔄 Secure delegation between agents
delegation_token = client.delegate_access(
    delegator_agent_id=agent.id,
    target_agent_id="data-processor",
    resource="financial-data",
    permissions=["read"],
    ttl_seconds=1800,
)

# 📊 Complete audit trail + policy enforcement
# Every action logged, every access controlled, every delegation tracked
# Result: Zero-trust security with full visibility and control
```
| Without DeepSecure | With DeepSecure |
|---|---|
| 🔑 Shared API keys | 🛡️ AI agents don't have access to API keys |
| 🤖 No agent identity | 🔐 AI agents get an Ed25519 cryptographic identity |
| 🚫 No access control | 📋 AI agents with fine-grained policies |
| 📊 No delegation and tracking | 📊 AI agents with cryptographic delegation and an audit trail |
| 🏭 Production blockers | 🚀 Enterprise-ready |
Get fully set up with DeepSecure in under 5 minutes—secure your AI agents instantly!
- Python 3.9+
- pip (Python package installer)
- Access to an OS keyring (macOS Keychain, Windows Credential Store, or Linux keyring) for secure agent private key storage
- Docker and Docker Compose for running the backend services
```bash
pip install deepsecure
```

DeepSecure uses a dual-service architecture:

- `deeptrail-control` - Control Plane (manages agents, policies, credentials)
- `deeptrail-gateway` - Data Plane (enforces policies, injects secrets)
```bash
# Clone the repository
git clone https://github.com/DeepTrail/deepsecure.git
cd deepsecure

# Start both services
docker-compose up -d

# Verify services are running
docker-compose ps
```

This will start:

- Control Plane at http://localhost:8000
- Gateway at http://localhost:8001
- PostgreSQL database for persistent storage
```bash
# Set the control plane URL
deepsecure configure set-url http://localhost:8000

# Verify connection
deepsecure health

# Check version
deepsecure --version

# Test agent creation
deepsecure agent create --name "test-agent"
```
🎉 You're all set! Your secure AI agent infrastructure is now running.
Next Steps:
- Try the 30-second quickstart below
- Explore our examples for real-world use cases
- Read the Architecture Guide to understand the system
```bash
# 1. Install DeepSecure
pip install deepsecure

# 2. Connect to your security control plane
# For local development:
deepsecure configure set-url http://localhost:8001
# For production (your deployed instance):
# deepsecure configure set-url https://deepsecure.yourcompany.com

# 3. Create your first AI agent identity
deepsecure agent create --name "my-ai-agent"
```

```python
# 4. Use in your AI code
import deepsecure

client = deepsecure.Client()
agent = client.agent("my-ai-agent", auto_create=True)
secret = client.get_secret(name="openai-api", agent_name=agent.name)
# That's it! Your agent now has secure, audited access to OpenAI
```
🎯 What you just achieved:

- ✅ Centralized Security: All your AI agents use one security control plane
- ✅ Zero Hardcoded Secrets: Agents get ephemeral credentials automatically
- ✅ Unique Identity: Each agent has a cryptographic identity (Ed25519)
- ✅ Complete Audit Trail: Every action is logged for compliance and debugging
- 🛡️ Policy Enforcement Ready: Fine-grained access control is available via the `deepsecure policy` commands
DeepSecure implements a dual-service architecture designed for production scale:

Control Plane (`deeptrail-control`):

- Agent Identity Management: Ed25519 cryptographic identities
- Policy Engine: Fine-grained RBAC with delegation support
- Credential Issuance: Ephemeral, time-bound access tokens
- Audit Logging: Immutable security event tracking

Gateway (`deeptrail-gateway`):

- Secret Injection: Automatic API key insertion at runtime
- Policy Enforcement: Real-time access control decisions
- Split-Key Security: Client/backend key reassembly for ultimate protection
- Request Proxying: Transparent handling of all agent tool calls
```mermaid
graph TB
    A[AI Agent/Developer] --> B[DeepSecure SDK]
    %% Management Flow - Direct to Control
    B -->|Management Operations<br/>Agent/Policy CRUD| D[Control Plane<br/>deeptrail-control]
    %% Runtime Flow - Through Gateway
    B -->|Runtime Operations<br/>Tool Calls| C[Gateway<br/>deeptrail-gateway]
    C --> D
    C --> E[External APIs<br/>OpenAI, AWS, etc.]
    D --> F[Policy Engine]
    D --> G[Split-Key Store]
    D --> H[Audit Log]
    %% Labels for clarity
    B -.->|"deepsecure agent create<br/>deepsecure policy create"| D
    B -.->|"agent.call_openai()<br/>with secret injection"| C
    style A fill:#e1f5fe
    style C fill:#f3e5f5
    style D fill:#e8f5e8
    style E fill:#fff3e0
```
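To make the gateway's checks on a delegation token concrete (the `delegate_access` call above and the Policy Enforcement step of the Gateway), here is an added, self-contained model of that flow. It is not DeepSecure's code: the token layout, the `issue_delegation`/`check_delegation` names and the demo key are assumptions, and a stdlib HMAC stands in for the Ed25519 signature the real system uses, so it runs without third-party packages.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key: stands in for the Ed25519 signing key a control plane would hold.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"


def sign(payload: dict, key: bytes = SIGNING_KEY) -> str:
    """Sign a canonical (sorted, compact) JSON encoding so field order cannot change the MAC."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def issue_delegation(delegator: str, target: str, resource: str,
                     permissions: list, ttl_seconds: int, now: float) -> dict:
    """Mint a time-bound token: delegator grants `target` `permissions` on `resource` for ttl_seconds."""
    payload = {
        "iss": delegator,                 # agent that delegates
        "sub": target,                    # agent allowed to present the token
        "resource": resource,
        "permissions": sorted(permissions),
        "iat": int(now),
        "exp": int(now) + ttl_seconds,    # hard expiry; no refresh
    }
    return {"payload": payload, "sig": sign(payload)}


def check_delegation(token: dict, caller: str, resource: str,
                     action: str, now: float) -> Optional[str]:
    """Gateway-side check. Returns None if allowed, otherwise the denial reason for the audit log."""
    payload = token.get("payload", {})
    # Verify integrity first: any edited claim (e.g. added permission) invalidates the MAC.
    if not hmac.compare_digest(sign(payload), token.get("sig", "")):
        return "bad signature"
    if now >= payload["exp"]:
        return "expired"
    if payload["sub"] != caller:
        return "token not issued to caller"
    if payload["resource"] != resource:
        return "wrong resource"
    if action not in payload["permissions"]:
        return f"permission '{action}' not delegated"
    return None
```

Every deny path returns a distinct reason string, which is what a gateway would write to the audit trail alongside the caller identity.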
Explore our comprehensive example collection:
| Example | Description | Framework |
|---|---|---|
| Basic Agent Creation | Create your first secure agent | Core SDK |
| LangChain Integration | Secure LangChain agents | LangChain |
| CrewAI Team Security | Multi-agent crew with delegation | CrewAI |
| Gateway Injection | Automatic secret injection | Core SDK |
| Advanced Delegation | Complex delegation workflows | Core SDK |
| Platform Bootstrap | Kubernetes/AWS agent bootstrapping | Infrastructure |
You've now seen the core workflow! Ready to dive deeper?
| Resource | Description |
|---|---|
| 🚀 Getting Started | Complete setup guide with examples |
| 🔧 CLI Reference | All commands and options |
| 📖 SDK Documentation | Python SDK with full API reference |
| 🏗️ Architecture Guide | Deep dive into system design |
| 🔒 Security Model | Cryptographic foundations |
| 🚀 Deployment Guide | Production deployment patterns |

For hands-on examples, explore our `examples/` directory with LangChain, CrewAI, and multi-agent patterns.
DeepSecure is open source, and your contributions are vital! Help us build the future of AI agent security.
🌟 Star our GitHub Repository!
🐛 Report Bugs or Feature Requests: Use GitHub Issues.
💡 Suggest Features: Share ideas on GitHub Issues or GitHub Discussions.
📝 Improve Documentation: Help us make our guides clearer.
💻 Write Code: Tackle bugs, add features, improve integrations.
For details on how to set up your development environment and contribute, please see our Contributing Guide.
GitHub Discussions: The primary forum for questions, sharing use cases, brainstorming ideas, and general discussions about DeepSecure and AI agent security. This is where we want to build our community!
GitHub Issues: For bug reports and specific, actionable feature requests.
We're committed to fostering an open and welcoming community.
This project is licensed under the terms of the Apache 2.0 License.
⭐ Star us on GitHub if DeepSecure helps secure your AI agents!
🚀 Get Started • 📖 Documentation • 💬 Join Discord
Built with ❤️ for the AI agent developer community