Access Control and Secrets
Separate human, service, connector, and agent permissions, then connect least privilege, secret rotation, approval gates, and audit evidence.
Key takeaways
- Separate human, service, connector, and agent permissions, then connect least privilege, secret rotation, approval gates, and audit evidence.
- Use this chapter as a first-pass operating checklist before changing systems, data, permissions, or customer-facing workflows.
- Validate platform-specific details against current official docs or internal policy before rollout.
AI systems introduce a new permission actor: the agent. It reads data, makes decisions, and triggers tools on behalf of a user or workflow, so its access must be granted explicitly and scoped to the task at hand rather than inherited wholesale from the user or the service account that hosts it.
Identity Types
| Identity | Control need |
|---|---|
| Human user | Role, tenant, consent, session |
| Service account | Scoped API access and rotation |
| Agent runtime | Task-scoped permissions and audit |
| Tool connector | Least privilege and data filtering |
| Administrator | Break-glass policy and monitoring |
Secret Rules
- Store secrets in approved secret managers or platform environment variables; prefer the secret manager, since environment variables are inherited by child processes and tend to surface in crash dumps and debug output.
- Never put secrets in prompts, memories, documentation examples, or logs.
- Rotate keys that have no expiration date or no clear owner, and reissue them with both set.
- Separate development, staging, and production credentials.
- Monitor privileged token usage and failed access attempts.
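A worked version of these rules, added here as an example rather than code from the page or any product it describes: a redaction pass for text bound for prompts, memories, documentation or logs; a rotation check that flags keys with no expiration or no clear owner (and a development credential seen in production); and a scan of constructed access-log lines for privileged-token use and repeated failed attempts. The token patterns, the secret record fields, the 90-day age limit, the failure threshold and the log line format are assumptions.

```python
"""Secret hygiene checks for the rules above. Added example, not the page's own
code; patterns, record fields, thresholds and the log format are assumptions,
and the sample log lines are constructed."""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone
from typing import Any, Optional

# Whole-token shapes: AWS access key IDs (AKIA + 16 chars) and HTTP bearer tokens.
TOKEN_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),
    re.compile(r"(?i)bearer\s+[A-Za-z0-9\-._~+/]+=*"),
]
# key=value style: keep the key name, drop the value. Broad on purpose; an
# allow-list of the exact variable names you use is tighter in production.
ASSIGNMENT_PATTERN = re.compile(r"(?i)(\w*(?:key|secret|password|token))(\s*[=:]\s*)\S+")


def redact(text: str) -> str:
    """Replace secret material with a marker before text reaches a prompt or log."""
    for pat in TOKEN_PATTERNS:
        text = pat.sub("[REDACTED]", text)
    return ASSIGNMENT_PATTERN.sub(r"\1\2[REDACTED]", text)


def rotation_reasons(secret: dict[str, Any], now: datetime,
                     max_age: timedelta = timedelta(days=90)) -> list[str]:
    """Why this secret record should be rotated now; an empty list means it is healthy.
    Record fields (owner, expires_at, created_at, environment, used_in) are assumed."""
    reasons: list[str] = []
    if not secret.get("owner"):
        reasons.append("no clear owner")
    expires: Optional[datetime] = secret.get("expires_at")
    if expires is None:
        reasons.append("no expiration")
    elif expires <= now:
        reasons.append("expired")
    if now - secret["created_at"] > max_age:
        reasons.append(f"older than {max_age.days} days")
    # Dev/staging/prod credentials must stay in their own environment.
    if secret.get("used_in") and secret["used_in"] != secret["environment"]:
        reasons.append(f"{secret['environment']} credential used in {secret['used_in']}")
    return reasons


# Constructed log format: "<ts> <principal> <privileged|normal> <action> <ok|denied>"
ACCESS_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<principal>\S+) (?P<level>privileged|normal) (?P<action>\S+) (?P<outcome>ok|denied)$"
)

SAMPLE_LOG = [  # constructed for illustration
    "2025-01-01T10:00:00Z svc-billing normal read_invoice ok",
    "2025-01-01T10:00:05Z agent-task-42 normal read_customer denied",
    "2025-01-01T10:00:06Z agent-task-42 normal read_customer denied",
    "2025-01-01T10:00:07Z agent-task-42 normal update_customer denied",
    "2025-01-01T10:01:00Z admin-break-glass privileged grant_role ok",
    "2025-01-01T10:02:00Z alice normal read_invoice denied",
]


def access_alerts(lines: list[str], failed_threshold: int = 3) -> dict[str, Any]:
    """Principals with repeated denials, plus every privileged-token use, for review."""
    failures: Counter = Counter()
    privileged: list[tuple[str, str]] = []
    for line in lines:
        m = ACCESS_LINE.match(line)
        if not m:
            continue  # a real pipeline should count unparseable lines as well
        if m["outcome"] == "denied":
            failures[m["principal"]] += 1
        if m["level"] == "privileged":
            privileged.append((m["principal"], m["action"]))
    return {
        "repeated_failures": {p: n for p, n in failures.items() if n >= failed_threshold},
        "privileged_uses": privileged,
    }


if __name__ == "__main__":
    print(redact("api_key=sk_test_123 Authorization: Bearer abc.def"))
    now = datetime.now(timezone.utc)
    print(rotation_reasons({"owner": None, "expires_at": None, "created_at": now,
                            "environment": "prod"}, now))
    print(access_alerts(SAMPLE_LOG))
```

The redaction pass runs on everything the agent writes to a prompt, memory store or log sink, not only on fields you already know hold secrets; the rotation check is meant to run over the full secret inventory on a schedule, so that keys without an owner or expiry are found before they leak rather than after.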
Approval Gate
Any AI-initiated action that changes money, customer records, permissions, legal status, or production state should be covered by an explicit written policy and require human review before it runs, with the decision and the reviewer recorded as audit evidence.
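One way to wire the identity table above and this approval gate together, added here as an example and not code from the page or any product it describes: an agent task carries a task-scoped tool list and a tenant, a policy function returns allow, deny or require-approval for each tool call, connector results are trimmed to a per-tool field allow-list, high-impact tools run only with a named human approver who is not the user the agent acts for, and every decision lands in an audit log. The tool names, the high-impact set, the field allow-lists and the no-self-approval rule are assumptions made for illustration.

```python
"""Task-scoped agent authorization with an approval gate and audit trail.
Added example, not code from the page. Tool names, the high-impact list, the
connector field allow-lists and the no-self-approval rule are assumptions."""
from dataclasses import dataclass
from enum import Enum
from typing import Any, Callable, Optional


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    REQUIRE_APPROVAL = "require_approval"


@dataclass(frozen=True)
class AgentTask:
    """What one agent run may do: scoped to a task, a user and a tenant."""
    task_id: str
    acting_for: str                # human whose request the agent is executing
    tenant: str                    # the task never crosses this tenant boundary
    allowed_tools: frozenset[str]  # tools granted for this task only


# Hypothetical tool names that change money, customer records, permissions
# or production state; policy forces a human decision before they run.
HIGH_IMPACT_TOOLS = frozenset({
    "payments.refund", "crm.update_customer", "iam.grant_role", "deploy.production",
})

# Connector least privilege: each tool returns only the fields listed here.
# A tool with no entry returns nothing (default deny).
CONNECTOR_FIELDS: dict[str, frozenset[str]] = {
    "crm.read_customer": frozenset({"id", "name", "plan"}),
    "payments.refund": frozenset({"refund_id", "status"}),
}

AUDIT_LOG: list[dict[str, Any]] = []  # audit evidence; a real sink is append-only


def audit(task: AgentTask, tool: str, decision: Decision, detail: str, **extra: Any) -> None:
    AUDIT_LOG.append({"task": task.task_id, "actor": task.acting_for, "tool": tool,
                      "decision": decision.value, "detail": detail, **extra})


def authorize(task: AgentTask, tool: str, args: dict[str, Any]) -> Decision:
    """Policy decision for one tool call; every outcome is written to the audit log."""
    if tool not in task.allowed_tools:
        audit(task, tool, Decision.DENY, "tool outside task scope")
        return Decision.DENY
    if args.get("tenant") != task.tenant:
        audit(task, tool, Decision.DENY, "cross-tenant access")
        return Decision.DENY
    if tool in HIGH_IMPACT_TOOLS:
        audit(task, tool, Decision.REQUIRE_APPROVAL, "high-impact action")
        return Decision.REQUIRE_APPROVAL
    audit(task, tool, Decision.ALLOW, "within task scope")
    return Decision.ALLOW


def filter_connector_result(tool: str, record: dict[str, Any]) -> dict[str, Any]:
    """Strip every field the connector's allow-list does not name."""
    allowed = CONNECTOR_FIELDS.get(tool, frozenset())
    return {k: v for k, v in record.items() if k in allowed}


def execute(task: AgentTask, tool: str, args: dict[str, Any],
            tool_impl: Callable[[dict[str, Any]], dict[str, Any]],
            approver: Optional[str] = None) -> dict[str, Any]:
    """Run tool_impl only when policy allows. High-impact calls need a named
    human approver who is not the user the agent acts for (assumed rule)."""
    decision = authorize(task, tool, args)
    if decision is Decision.DENY:
        raise PermissionError(f"{tool}: denied for task {task.task_id}")
    if decision is Decision.REQUIRE_APPROVAL:
        if approver is None or approver == task.acting_for:
            raise PermissionError(f"{tool}: needs independent human approval")
        audit(task, tool, Decision.ALLOW, "approved by human reviewer", approver=approver)
    return filter_connector_result(tool, tool_impl(args))


def demo() -> dict[str, Any]:
    """Exercise the policy with constructed fake connectors; returns the outcomes."""
    task = AgentTask("task-42", "alice", "acme",
                     frozenset({"crm.read_customer", "payments.refund"}))

    def fake_crm(args: dict[str, Any]) -> dict[str, Any]:
        return {"id": args["customer_id"], "name": "Bob", "plan": "pro",
                "card_number": "4111111111111111", "notes": "internal"}

    def fake_refund(args: dict[str, Any]) -> dict[str, Any]:
        return {"refund_id": "r-7", "status": "queued", "gateway_token": "tok_x"}

    out: dict[str, Any] = {}
    out["read"] = execute(task, "crm.read_customer", {"tenant": "acme", "customer_id": "c9"}, fake_crm)
    out["grant_role"] = authorize(task, "iam.grant_role", {"tenant": "acme"}).value
    out["cross_tenant"] = authorize(task, "crm.read_customer", {"tenant": "other"}).value
    refund_args = {"tenant": "acme", "amount": 50}
    for label, approver in (("no_approver", None), ("self_approval", "alice")):
        try:
            execute(task, "payments.refund", refund_args, fake_refund, approver)
            out[label] = "ran"
        except PermissionError:
            out[label] = "blocked"
    out["approved_refund"] = execute(task, "payments.refund", refund_args, fake_refund, approver="carol")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point of the structure is that the agent runtime never holds the user's full permissions or the connector's raw credentials: it holds a task object, the policy function sits between it and every tool, and the connector filter means that even an allowed call cannot pull back fields the task has no business seeing.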