{"id":29031106,"url":"https://github.com/deeptrail/deepsecure","last_synced_at":"2025-06-26T10:02:21.826Z","repository":{"id":297323439,"uuid":"955743124","full_name":"DeepTrail/deepsecure","owner":"DeepTrail","description":"Effortlessly secure your AI agents and AI-powered workflows — from prototype to production. Get easy-to-use identity, credential, and access management built for fast-moving AI developers.","archived":false,"fork":false,"pushed_at":"2025-06-25T19:50:26.000Z","size":2595,"stargazers_count":7,"open_issues_count":1,"forks_count":2,"subscribers_count":2,"default_branch":"dev","last_synced_at":"2025-06-26T10:01:41.489Z","etag":null,"topics":["agent-auth","agent-i","ai","ai-agents","api-keys","auth0","authentication","authorization","contributions-welcome","credentials","mcp","mcp-client","mcp-secu","mcp-server","secure-by-","tool-calling"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DeepTrail.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"docs/roadmap/deepsecure-cli-features.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-03-27T05:59:31.000Z","updated_at":"2025-06-25T19:50:30.000Z","dependencies_parsed_at":"2025-06-26T10:01:29.520Z","dependency_job_id":null,"html_url":"https://github.com/DeepTrail/deepsecure","commit_stats":null,"previous_names":["deeptrail/deepsecure"],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/DeepTrail/deepsecure","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeepTrail%2Fdeepsecure","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeepTrail%2Fdeepsecure/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeepTrail%2Fdeepsecure/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeepTrail%2Fdeepsecure/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DeepTrail","download_url":"https://codeload.github.com/DeepTrail/deepsecure/tar.gz/refs/heads/dev","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeepTrail%2Fdeepsecure/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262044401,"owners_count":23249745,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent-auth","agent-i","ai","ai-agents","api-keys","auth0","authentication","authorization","contributions-welcome","credentials","mcp","mcp-client","mcp-secu","mcp-server","secure-by-","tool-calling"],"created_at":"2025-06-26T10:01:13.681Z","updated_at":"2025-06-26T10:02:21.813Z","avatar_url":"https://github.com/DeepTrail.png","language":"Python","readme":"\u003cdiv align=\"center\"\u003e\n  \u003ch1 style=\"display: flex; align-items: center;\"\u003e\n    \u003cimg src=\"assets/deeptrail_logo.png\" alt=\"DeepSecure Logo\" height=\"24\" style=\"transform: translateY(2px);\" /\u003e\n    \u003cspan style=\"margin-left: 15px;\"\u003eDeepSecure: Effortless Identity \u0026 Auth for AI Agents\u003c/span\u003e\n  \u003c/h1\u003e\n  \u003ca href=\"https://pypi.org/project/deepsecure/\"\u003e\n    \u003cimg src=\"https://img.shields.io/pypi/v/deepsecure?style=flat-square\" alt=\"PyPI version\"/\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://pepy.tech/projects/deepsecure\"\u003e\n    \u003cimg src=\"https://static.pepy.tech/badge/deepsecure\" alt=\"PyPI Downloads\"/\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://pypi.org/project/deepsecure/\"\u003e\n    \u003cimg src=\"https://img.shields.io/pypi/pyversions/deepsecure?style=flat-square\" alt=\"Python Version\"/\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://opensource.org/licenses/Apache-2.0\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/License-Apache%202.0-blue.svg?style=flat-square\" alt=\"License\"/\u003e\n  \u003c/a\u003e\n  \u003cbr/\u003e\n  \u003ca href=\"https://github.com/DeepTrail/deepsecure/stargazers\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/stars/DeepTrail/deepsecure?style=flat-square\" alt=\"GitHub stars\"/\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/DeepTrail/deepsecure/discussions\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/discussions/DeepTrail/deepsecure?style=flat-square\" alt=\"GitHub Discussions\"/\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/DeepTrail/deepsecure/pulls\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square\" alt=\"PRs Welcome\"/\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://x.com/imaxxs\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Follow-Mahendra-blue?style=flat-square\u0026logo=x\" alt=\"Follow on X\"/\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://x.com/0xdeeptrail\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Follow-@0xdeeptrail-blue?style=flat-square\u0026logo=x\" alt=\"Follow on X\"/\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://www.linkedin.com/company/deeptrail\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Follow-DeepTrail-blue?style=flat-square\u0026logo=linkedin\" alt=\"Follow on LinkedIn\"/\u003e\n  \u003c/a\u003e\n\u003c/div\u003e\n\u003cbr/\u003e\n\nStop wrestling with auth \u0026 scattered API keys. DeepSecure provides Identity-as-Code for your AI agents, giving them unique identity to fetch their own ephemeral credentials programmatically.\n\n🚀 Build AI Agents Faster. Security? Solved.  \nYou're building rapidly and deploying quickly—but scattered API keys and messy auth logic slow you down.\nWhy build your agent only for prototype — when you can secure it from prototype to production?\n\nDeepSecure instantly provides your AI agents with secure identities and short-lived credentials — zero friction, zero expertise needed.\n\n✅ Replaces API key chaos \u0026 auth boilerplate with secure, programmatic access.  \n✅ Instant setup—be secure in minutes.  \n✅ Integrates instantly—perfect for LangChain, CrewAI, and more.\n\n---\n\n**Table of Contents**\n- [🤔 Why DeepSecure? (Stop Wrestling with Auth \\\u0026 Secrets)](#-why-deepsecure-stop-wrestling-with-auth--secrets)\n  - [The Problem: The Mess of Static Keys \\\u0026 Manual Auth](#the-problem-the-mess-of-static-keys--manual-auth)\n  - [The DeepSecure Way: Identity-as-Code](#the-deepsecure-way-identity-as-code)\n- [⚙️ Getting Started](#️-getting-started)\n  - [Prerequisites](#prerequisites)\n  - [Installation](#installation)\n- [🚀 Quick Start](#-quick-start)\n  - [1. Start the `credservice` backend](#1-start-the-credservice-backend)\n  - [2. Configure the CLI to connect to your `credservice`](#2-configure-the-cli-to-connect-to-your-credservice)\n  - [3. Store a Secret (via CLI)](#3-store-a-secret-via-cli)\n  - [4. For the AI Agent Developer (Primary Workflow)](#4-for-the-ai-agent-developer-primary-workflow)\n  - [What's Next?](#whats-next)\n- [🤝 Contributing](#-contributing)\n- [🫂 Community \\\u0026 Support](#-community--support)\n- [📜 License](#-license)\n\n---\n\n## 🤔 Why DeepSecure? (Stop Wrestling with Auth \u0026 Secrets)\n\nAs you build AI agents, you'll quickly run into a familiar, two-part problem:  \n1. How do you give your agents access to external APIs securely?  \n2. How do you verify *which* agent is making each request?  \n\nThe common approach—hardcoding static `API_KEY`s in `.env` files and writing custom auth logic for every interaction—is simple at first, but it quickly becomes a fragile, insecure mess that slows you down.\n\n### The Problem: The Mess of Static Keys \u0026 Manual Auth\n\n*   **Leaky Keys \u0026 Brittle Auth:** A single leaked key compromises an entire system. Your custom token validation logic becomes another surface to attack and a nightmare to maintain and update across services.\n*   **Painful Rotation \u0026 No Audit Trail:** Rotating keys is a manual headache. When all agents share a key, you have no idea *which* agent performed an action, making debugging and auditing impossible.\n*   **All-or-Nothing Access:** Static keys are often over-privileged. Writing the boilerplate code for fine-grained permissions for every agent and every resource is complex and slows down feature development.\n*   **Boilerplate Everywhere:** You end up writing the same authentication and authorization logic over and over for each new service your agent needs to talk to, pulling focus away from your core product.\n\nThis problem gets exponentially worse as you add more agents and more services. You end up with a complex, fragile web of hardcoded secrets and repetitive auth code that creates security nightmares and kills development velocity.\n\nBefore DeepSecure, agent credentials are a tangled mess. Static, long-lived API keys are often shared between multiple agents and manually embedded in configurations. This is not scalable, creates a high risk of key leakage, and makes auditing nearly impossible.\n\n![Before DeepSecure - A diagram showing a complex, tangled web of agents sharing static API keys to access various services.](assets/before-deepsecure.svg)\n\n### The DeepSecure Way: Identity-as-Code\n\nDeepSecure solves this by treating **Identity as Code**. Instead of scattering keys, you give each agent a unique, verifiable identity. Your agents then use this identity to request their own short-lived, narrowly-scoped credentials directly from a central service, just-in-time.\n\nWith DeepSecure, each agent has its own identity, fetches its own ephemeral credentials, and access is governed by clear, centralized policies. This is scalable, secure, and fully auditable.\n\n![With DeepSecure - A clean diagram showing decoupled agents requesting ephemeral credentials from a central DeepSecure client to access services.](assets/after-deepsecure.svg)\n\n## ⚙️ Getting Started\n\nGet fully set up with DeepSecure in under 5 minutes—secure your AI agents instantly!\n\n### Prerequisites\n\n*   Python 3.9+\n*   `pip` (Python package installer)\n*   Access to an OS keyring (macOS Keychain) for default secure key storage of agent private keys.\n*   **Docker and Docker Compose** for running the backend service.\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003e► Click here for backend `credservice` setup instructions\u003c/b\u003e\u003c/summary\u003e\n\nFor a complete, step-by-step guide on how to run the backend service, including database setup and Docker commands, please see our [**Credservice Setup Guide**](./docs/credservice-setup.md).\n\n\u003c/details\u003e\n\n### Installation\n\nInstall DeepSecure using pip:\n\n```bash\npip install deepsecure\n```\n\n## 🚀 Quick Start\n\nGet up and running with DeepSecure in minutes!\n\nThe `deepsecure` package you just installed is the client. To use it, you also need its backend service running.\nFirst, let's get the service running.\n\n### 1. Start the `credservice` backend\nBefore using the SDK or CLI to issue credentials, you need the backend service running. For detailed setup instructions, please follow the [**Credservice Setup Guide**](./docs/credservice-setup.md).\n\n### 2. Configure the CLI to connect to your `credservice`\n*(You only need to do this once, or when your `credservice` details change.)*\n```bash\n# Set the URL of your credservice instance\ndeepsecure configure set-url http://127.0.0.1:8001\n\n# Securely store your credservice API token.\n# When prompted, use the default token for the local setup: DEFAULT_QUICKSTART_TOKEN\ndeepsecure configure set-token\n```\n\n### 3. Store a Secret (via CLI)\n\nNext, you'll need to securely store a long-lived secret (like an API key) in the DeepSecure vault. This is typically an administrative task performed once by a privileged AI developer or an admin on the team.\n\nThe CLI will securely prompt you for the secret value so it doesn't appear in your shell history.\n\n```bash\n# Store your OpenAI API key in the vault\ndeepsecure vault store OPENAI_API_KEY\n```\n\n### 4. For the AI Agent Developer (Primary Workflow)\n\nThis is the recommended way to integrate DeepSecure into your AI agents. You should use the **Python SDK** to handle credentials, as it's safest to keep private keys in memory within the agent's process.\n\nThe new SDK is fully object-oriented. You start by creating a `Client`. The examples below show the two main patterns for using it.\n\n**Pattern 1: Basic Workflow**\nThis pattern is explicit and shows the full sequence of creating a client, ensuring an agent identity exists, and then fetching a secret on its behalf.\n\n```python\nimport deepsecure\n\n# 1. Initialize the client.\nclient = deepsecure.Client()\n\n# 2. Ensure an agent identity exists, creating it if it doesn't.\n#    This returns an Agent object, which is a handle to the identity.\nagent = client.agent(\"my-first-agent\", auto_create=True)\n\n# 3. Use the agent's identity to securely fetch a secret.\ntry:\n    api_key_secret = client.get_secret(\n        name=\"OPENAI_API_KEY\",\n        agent_name=agent.name\n    )\n    # The .value property gives you the secret. The object itself won't\n    # print the value, to prevent accidental logging.\n    print(f\"Secret fetched! Value starts with: '{api_key_secret.value[:4]}...'\")\n\nexcept deepsecure.DeepSecureError as e:\n    print(f\"Error: {e}\")\n```\n\n**Pattern 2: Recommended Workflow (Cleaner \u0026 More Scoped)**\n\nFor cleaner code, especially when an agent performs multiple actions, create an agent-specific client context using `.with_agent()`.\n\n```python\nimport deepsecure\n\n# 1. Initialize the main client.\nclient = deepsecure.Client()\n\n# 2. Create a client scoped specifically to the \"my-first-agent\" identity.\n#    All subsequent calls on `agent_client` act on behalf of this agent.\nagent_client = client.with_agent(\"my-first-agent\", auto_create=True)\n\n# 3. Now, you don't need to pass `agent_name` to `get_secret`.\napi_key_secret = agent_client.get_secret(\"OPENAI_API_KEY\")\n\nprint(f\"Secret fetched with agent-specific client! Value starts with: '{api_key_secret.value[:4]}...'\")\n```\n\n### What's Next?\n\nYou've now seen the core workflow! Ready to dive deeper?\n\n- 🐍 **[Python SDK Guide](./docs/README.md)** - Build secure AI agents with our SDK\n- 🔧 **[CLI Reference](./docs/cli_reference.md)** - Master the command-line interface  \n- ⚙️ **[Backend Setup](./docs/credservice-setup.md)** - Deploy your own credservice\n- 🤝 **[Contributing](./CONTRIBUTING.md)** - Help improve DeepSecure\n\nFor hands-on examples, explore our [`examples/`](./examples/) directory with LangChain, CrewAI, and multi-agent patterns.\n\n## 🤝 Contributing\n\nDeepSecure is open source, and your contributions are vital! Help us build the future of AI agent security.\n\n🌟 **Star our GitHub Repository!**  \n🐛 **Report Bugs or Feature Requests:** Use [GitHub Issues](https://github.com/DeepTrail/deepsecure/issues).  \n💡 **Suggest Features:** Share ideas on [GitHub Issues](https://github.com/DeepTrail/deepsecure/issues) or [GitHub Discussions](https://github.com/DeepTrail/deepsecure/discussions).  \n📝 **Improve Documentation:** Help us make our guides clearer.  \n💻 **Write Code:** Tackle bugs, add features, improve integrations.  \n\nFor details on how to set up your development environment and contribute, please see our [Contributing Guide](CONTRIBUTING.md).\n\n## 🫂 Community \u0026 Support\n\n**GitHub Discussions:** The primary forum for questions, sharing use cases, brainstorming ideas, and general discussions about DeepSecure and AI agent security. This is where we want to build our community!  \n**GitHub Issues:** For bug reports and specific, actionable feature requests.\n\nWe're committed to fostering an open and welcoming community.\n\n## 📜 License\n\nThis project is licensed under the terms of the [Apache 2.0 License](LICENSE).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeeptrail%2Fdeepsecure","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdeeptrail%2Fdeepsecure","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeeptrail%2Fdeepsecure/lists"}