Deployment

Managed Hosting

The simplest way to run TAP. Sign up at auth.toolsec.org, configure credentials via the dashboard, and start proxying. The admin API is also available for automation.

What you get:

  • Runs in Evervault hardware enclaves (encrypted memory, attestable)
  • TLS termination and key management handled for you
  • Automatic backups
  • No Docker, no server management

Setup via dashboard: Go to auth.toolsec.org, sign up, and use the visual interface to add credentials, create agents, and configure policies.

Setup via API:

# 1. Sign up
curl -X POST https://proxy.toolsec.org/signup \
  -H "Content-Type: application/json" \
  -d '{"team_name": "my-team", "email": "admin@example.com", "password": "my-password"}'
 
# 2. Verify email (check inbox for 6-digit code)
curl -X POST https://proxy.toolsec.org/verify-email \
  -H "Content-Type: application/json" \
  -d '{"email": "admin@example.com", "code": "123456"}'
 
# 3. Log in
curl -X POST https://proxy.toolsec.org/login \
  -H "Content-Type: application/json" \
  -d '{"email": "admin@example.com", "password": "my-password"}'
# Save the session_token from the response
 
# 4. Add a credential
curl -X POST https://proxy.toolsec.org/admin/credentials \
  -H "Authorization: Bearer $SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "slack", "description": "Slack API", "value": "xoxb-your-token"}'
 
# 5. Create an agent
curl -X POST https://proxy.toolsec.org/admin/agents \
  -H "Authorization: Bearer $SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"id": "my-agent", "credentials": ["slack"]}'
# Save the api_key from the response — it is shown once
 
# 6. Set a policy
curl -X PUT https://proxy.toolsec.org/admin/policies/slack \
  -H "Authorization: Bearer $SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"auto_approve_methods": ["GET"], "require_approval_methods": ["POST"]}'
 
# 7. Test it
curl -X POST https://proxy.toolsec.org/forward \
  -H "X-TAP-Key: $AGENT_KEY" \
  -H "X-TAP-Credential: slack" \
  -H "X-TAP-Target: https://slack.com/api/conversations.list" \
  -H "X-TAP-Method: GET"
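
Steps 3 and 4 above, reworked as an added example (not from the TAP documentation) so that the password, session token and credential value travel on stdin or a file descriptor instead of curl's command line, where they would land in shell history and process listings. Helper names are hypothetical, and the flat JSON shape of the login response is an assumption.

```bash
#!/usr/bin/env bash
# Added example, not from the TAP docs. Helper names are hypothetical; the
# login response is assumed to be a flat JSON object with "session_token".
TAP_URL="https://proxy.toolsec.org"   # host used in the steps above

# Escape backslashes and double quotes for use inside a JSON string.
# Control characters are not handled; reject them before calling this.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Print a top-level string field ($1) from JSON on stdin.
# Assumes the value has no escaped quotes, which holds for opaque tokens.
json_string_field() {
  sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

login_body() {        # $1 = email, $2 = password
  printf '{"email": "%s", "password": "%s"}' \
    "$(json_escape "$1")" "$(json_escape "$2")"
}

credential_body() {   # $1 = name, $2 = description, $3 = secret value
  printf '{"name": "%s", "description": "%s", "value": "%s"}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
}

# Step 3: read the password without echo and send the body on stdin.
tap_login() {         # $1 = email; prints the session token
  local password
  read -rsp "Password: " password && echo >&2
  login_body "$1" "$password" |
    curl -sS -X POST "$TAP_URL/login" \
      -H "Content-Type: application/json" --data @- |
    json_string_field session_token
}

# Step 4: bearer header via fd 3 (curl -H @file, curl >= 7.55.0) and the
# credential value via stdin, so neither appears in `ps` or shell history.
tap_add_credential() { # $1 = session token, $2 = name, $3 = description
  local value
  read -rsp "Credential value: " value && echo >&2
  credential_body "$2" "$3" "$value" |
    curl -sS -X POST "$TAP_URL/admin/credentials" -H @/dev/fd/3 \
      -H "Content-Type: application/json" --data @- 3<<EOF
Authorization: Bearer $1
EOF
}
```

Source the file, then run `SESSION_TOKEN=$(tap_login admin@example.com)` followed by `tap_add_credential "$SESSION_TOKEN" slack "Slack API"`.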

Managed hosting is the recommended path for most use cases.


Self-Hosted

Local Development

No TLS, no nginx, proxy exposed directly on port 3100:

git clone https://github.com/nanaknihal/agentsec
cd agentsec
cp local.env.example .env
# Edit .env with real values (see Environment Variables)
 
docker-compose -f docker-compose.yaml -f docker-compose.local.yaml up --build

Configuration (credentials, agents, policies) is managed via the admin API and CLI after the proxy starts.

Audit logs are written to ./data/audit.jsonl (local directory, not a Docker volume).

Production

Includes nginx for TLS termination on port 443:

docker-compose up --build

Services:

Service   Port              Purpose
proxy     3100 (internal)   TAP proxy
nginx     443 (public)      TLS termination, reverse proxy to proxy:3100

Audit logs are stored in a named Docker volume (audit-data) at /data/audit.jsonl.

TLS Setup

  1. Place your certificate and key in deploy/certs/:

    • deploy/certs/cert.pem
    • deploy/certs/key.pem
  2. Configure deploy/nginx.conf with your domain and cert paths

  3. Start with docker-compose up --build

Building from Source

cargo build --release
# Binary at target/release/agentsec-proxy
# CLI at target/release/tap

Set environment variables directly (see Environment Variables) and run:

./target/release/agentsec-proxy

Generating Secrets

# Encryption key (HMAC-SHA256 for agent auth)
openssl rand -hex 32
 
# Agent API keys (one per agent) — or use the admin API, which generates keys automatically
openssl rand -hex 32

All keys are 64 hex characters (32 bytes). Store them in .env or pass via docker-compose --env-file.

Health Check

The proxy exposes GET /health (no auth required). Docker Compose is configured to check it every 30 seconds with 3 retries:

curl http://localhost:3100/health

Enclave Deployment

For advanced users who want enclave security on their own infrastructure, TAP includes a Dockerfile.enclave for building an Evervault-compatible enclave image. This provides:

  • Encrypted memory at runtime
  • Attestation (cryptographic proof the binary hasn’t been tampered with)
  • Key management via Evervault KMS (no encryption key in env vars)

Build with the enclave feature flag:

cargo build --release --features enclave

See the Evervault documentation for deploying enclave images to your own infrastructure.

Production Checklist

  • TLS enabled (never expose the proxy without encryption)
  • Strong encryption key (openssl rand -hex 32, not the example value)
  • Unique API key per agent (not shared between agents)
  • Telegram bot token not shared with other services
  • Audit log on persistent storage (Docker volume or mounted directory)
  • Policies reviewed per credential (start restrictive, loosen as needed)
  • Rate limits configured for high-volume agents
  • allowed_approvers set for sensitive credentials
  • Email verification enabled for admin accounts
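
The key rules from Generating Secrets and the checklist above (64 hex characters, not the example value, one key per agent) can be checked before the stack starts. This is an added example, not part of the TAP repository; the caller passes the variable names, and the names in demo() are hypothetical, so take the real ones from Environment Variables.

```bash
#!/usr/bin/env bash
# Added example, not part of the TAP repository. The caller names the
# variables to check; the names used in demo() are hypothetical.

# Print variable $2 from env file $1: last assignment wins, quotes and CRs
# stripped, hex lowercased so comparisons are case-insensitive.
env_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"\r' | tr 'A-F' 'a-f'
}

# check_keys ENV_FILE EXAMPLE_FILE VAR...
# Prints one line per problem, never the key itself; returns the problem count.
check_keys() {
  env_file=$1 example_file=$2; shift 2
  problems=0 seen=""
  for var in "$@"; do
    val=$(env_value "$env_file" "$var")
    if ! printf '%s' "$val" | grep -Eq '^[0-9a-f]{64}$'; then
      echo "$var: missing or not 64 hex characters (openssl rand -hex 32)"
      problems=$((problems + 1)); continue
    fi
    if [ -f "$example_file" ] &&
       [ "$val" = "$(env_value "$example_file" "$var")" ]; then
      echo "$var: still the value from $example_file"
      problems=$((problems + 1))
    fi
    case " $seen " in
      *" $val "*) echo "$var: key reused by another variable"
                  problems=$((problems + 1)) ;;
    esac
    seen="$seen $val"
  done
  return "$problems"
}

# Constructed input: one key copied from the example file and reused for an
# agent, plus one malformed key. Expect three findings.
demo() {
  dir=$(mktemp -d)
  k=$(printf '%s' 0123456789abcdef 0123456789abcdef 0123456789abcdef 0123456789abcdef)
  printf 'DEMO_ENC_KEY=%s\n' "$k" > "$dir/example.env"
  printf '%s\n' "DEMO_ENC_KEY=$k" "DEMO_AGENT_A_KEY=$k" \
    "DEMO_AGENT_B_KEY=short" > "$dir/.env"
  check_keys "$dir/.env" "$dir/example.env" \
    DEMO_ENC_KEY DEMO_AGENT_A_KEY DEMO_AGENT_B_KEY
  status=$?; rm -rf "$dir"; return "$status"
}
```

Run it as `check_keys .env local.env.example <variable names>` and refuse to start the stack on a non-zero status.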