AgentOS Security
Secure your AgentOS with authentication and authorization.
AgentOS supports two security mechanisms:
| Method | Use Case |
|---|---|
| Basic Authentication | Simple key validation for development |
| RBAC | JWT-powered authorization with fine-grained scopes for production |
Basic Authentication
Set the OS_SECURITY_KEY environment variable in your .env file or export it directly in your terminal:
```bash
export OS_SECURITY_KEY="your-secret-key"
```

Requests without a valid `Authorization: Bearer <key>` header return 401 Unauthorized.
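A smoke test for the behaviour described above, as an added example that is not AgentOS code: `probe` sends requests with no header, a wrong key, a wrong scheme and the valid key, and returns the status code for each. The local stub server, its URL and the sample key are constructed stand-ins so the check runs offline; point `probe` at a protected endpoint of your own deployment to use it.

```python
import hmac
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

def make_stub(key):
    """Constructed stand-in for a key-protected endpoint (not AgentOS itself)."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            scheme, _, token = self.headers.get("Authorization", "").partition(" ")
            # Constant-time comparison avoids leaking the key through timing.
            ok = scheme == "Bearer" and hmac.compare_digest(token.encode(), key.encode())
            self.send_response(200 if ok else 401)
            self.end_headers()
        def log_message(self, *args):  # silence per-request logging
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

# Ignore proxy environment variables so the probe talks to the target directly.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def status(url, authorization=None):
    """Return the HTTP status of a GET, with an optional Authorization header."""
    req = urllib.request.Request(url)
    if authorization is not None:
        req.add_header("Authorization", authorization)
    try:
        with _opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def probe(url, key):
    """Status codes for the cases a key-protected endpoint must tell apart."""
    return {
        "no_header": status(url),
        "wrong_key": status(url, "Bearer " + key + "x"),
        "wrong_scheme": status(url, "Basic " + key),
        "valid_key": status(url, "Bearer " + key),
    }

def run_demo():
    key = "constructed-test-key"  # sample value, not a real secret
    server = make_stub(key)
    try:
        return probe(f"http://127.0.0.1:{server.server_port}/", key)
    finally:
        server.shutdown()
        server.server_close()
```

Any 200 in the first three cases means the key check is not being enforced on that endpoint.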
Role-Based Access Control (RBAC)
RBAC validates JWT tokens and checks scopes against required permissions for each endpoint. Enable it with authorization=True:
```python
from kern.os import AgentOS

agent_os = AgentOS(
    id="my-agent-os",
    agents=[my_agent],
    authorization=True,
)
```

Set the JWT_VERIFICATION_KEY environment variable to your public key in your .env file or export it directly in your terminal:
```bash
export JWT_VERIFICATION_KEY="your-public-key"
```

You can generate a key pair from the control plane when connecting a new OS or from the Settings page for an existing OS.
Requests without a valid JWT return 401 Unauthorized. Requests with insufficient scopes return 403 Forbidden.
See RBAC Documentation for scope format, available scopes, and endpoint mappings.