Enhanced Agent Security
The agent is a system that runs with higher privileges inside a private
infrastructure. The tasks it receives are processed and executed after
authenticating with an API key that maps to an organization; however, this
alone cannot guarantee that a task is being executed by an authenticated and
authorized user session. Some organizations require this sort of
enforcement.
The JWT tokens are kept in memory only during the execution of a task; they are never persisted.
Main Benefits
- Prevents the execution of tasks without an authenticated user session token
- Enforced with the use of external auth providers (Okta, Auth0, ORY Hydra, etc.)
Limitations
- Slack Tasks / REPL are disabled when this option is set
- Automation of rotating keys is not yet supported
⚠️ Toggling this feature on or off (JWK_URL=) could result in stale tasks being executed; perform this operation with care.
Configuration
Set the environment variable JWK_URL, pointing to the public keys of your
auth provider, before starting the agent. The supported algorithms are
RS256 and ECDSA256.
To enforce authentication using our auth provider:
JWK_URL=https://runops.us.auth0.com/.well-known/jwks.json
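The check that a key set published at JWK_URL makes possible, as an added example (not the agent's own code): verifying an RS256 session token against an already-fetched JWKS document before a task is allowed to run. The function name, the `exp` claim check and the omission of the ECDSA case are assumptions of this sketch.

```python
import base64, hashlib, json, time

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(data: str) -> bytes:
    """Decode unpadded base64url as used by JWT and JWK."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))

def verify_session_token(token: str, jwks: dict, now=None) -> dict:
    """Return the claims of a valid RS256 token; raise ValueError if rejected.

    `jwks` is the parsed JSON document served at JWK_URL (assumed fetched).
    """
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, claims = json.loads(b64url(head_b64)), json.loads(b64url(body_b64))
        sig = b64url(sig_b64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except (ValueError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the verifier side; this also rejects "alg": "none".
    if header.get("alg") != "RS256":
        raise ValueError("algorithm not allowed")
    # Select the RSA key whose "kid" matches the token header.
    key = next((k for k in jwks.get("keys", [])
                if k.get("kty") == "RSA" and k.get("kid") == header.get("kid")), None)
    if key is None:
        raise ValueError("unknown signing key")
    n = int.from_bytes(b64url(key["n"]), "big")
    e = int.from_bytes(b64url(key["e"]), "big")
    size = (n.bit_length() + 7) // 8
    # RSASSA-PKCS1-v1_5: rebuild the expected encoded message, compare it whole.
    digest = hashlib.sha256(f"{head_b64}.{body_b64}".encode()).digest()
    tail = b"\x00" + SHA256_PREFIX + digest
    expected = b"\x00\x01" + b"\xff" * (size - len(tail) - 2) + tail
    s = int.from_bytes(sig, "big")
    if len(sig) != size or s >= n or pow(s, e, n).to_bytes(size, "big") != expected:
        raise ValueError("bad signature")
    # An expired or undated session must not authorize a task.
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("token expired or missing exp")
    return claims
```

In production a maintained JOSE library should do this work; the sketch only makes the individual rejection points visible.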