TAG · Agentkms
Stacking policy: defaults + fine-grained overrides for high-value secrets
We built a real ABAC policy engine on top of the identity and step-up work. You can now express 'everything under LLM/* needs a human in the loop' as a default, while stacking a more specific rule that says only …
What shipping a WebAuthn flow actually looks like
Phase 1 piece #4 and Phase 1b-C were both marked complete based on unit tests. Then I drove a real browser ceremony and five bugs cascaded out at once.
Multi-principal zero-trust identity: humans, devices, workloads, and agents
Classic identity models handle one principal type at a time. Real systems have four interacting simultaneously — and most auth stacks are not built for that.
The airport-recovery demo: losing your laptop and recovering in two minutes
Lose the laptop at the gate, buy a new one, be back in your secrets in under two minutes. Here is what that actually looks like.
Go pro for plugins — how AgentKMS stays small and gets big
AgentKMS is one binary. Everything provider-specific, audit-specific, or compliance-specific is a plugin. Here's why that matters and what the plugin API looks like.