Aegis-KMS¶

An open-source, agent-aware key management service.

Identity, audit, and real-time control for an era when LLM agents call your sign / encrypt APIs and the role-centric audit log can't tell you which agent did what.

Get started in 2 minutes Read the architecture

Why Aegis exists¶

AI agents — Claude, GPT, custom agents, RAG workloads — now sign payloads, decrypt secrets, and call tools that hold real credentials. None of the existing key managers were built for this.

When something goes wrong, the audit log says "role billing-signer made 80 sign calls" and can't tell you which agent did it, on whose behalf, or whether the burst is anomalous. The problem is structural: every existing KMS — AWS KMS, GCP KMS, Azure Key Vault, HashiCorp Vault, OpenBao — is built around a role-centric model that pre-dates LLM agents in production.

Aegis is the agent-native control plane that sits in front of an existing KMS (AWS KMS today; GCP / Azure / Vault adapters in v0.2.0) and adds the four things role-centric KMSes don't:

Per-agent identity

Every request resolves to a Principal.Agent with a back-pointer to the human who issued it, an explicit scope, and a TTL — not a shared service-account credential.
Behavioural baselines

Five detectors flag scope violations, rate spikes, off-hours access, new source IPs, and operations the actor has never performed.
Structured audit

Every decision, score, and detection lands in an immutable journal with full agent + parent attribution and full request context.
Real-time response (v0.2.0)

Configurable wiring from detection to action: allow / step-up / deny / rotate / revoke / alert, applied before the next request lands.

Quickstart in 30 seconds¶

bash git clone https://github.com/sharma-bhaskar/aegis-kms.git cd aegis-kms export POSTGRES_PASSWORD="$(openssl rand -base64 24)" docker compose -f deploy/docker/docker-compose.yml up

Server is now at http://localhost:8080. Swagger UI lives at http://localhost:8080/docs/. Full walkthrough → Getting Started → Quickstart.

What ships in v0.1.1¶

Surface	Status
REST `/v1/keys/*` (create, get, activate, destroy, sign, verify, encrypt, decrypt, wrap, unwrap, rotate, compromise)	Shipped
`aegis` admin CLI for the same surface	Shipped
JWT bearer auth (HS256) + dev `X-Aegis-User` header	Shipped
Postgres event journal (in-memory option for dev)	Shipped
AWS KMS `RootOfTrust` adapter	Shipped
5-detector anomaly engine (scope, rate, op-histogram, time-of-day, source-IP)	Shipped
Prometheus `/metrics` + JVM standard collectors	Shipped
OpenTelemetry tracing (auto-configured SDK)	Shipped
OpenAPI 3.1 spec + Swagger UI on `/docs/`	Shipped
`Resource[IO, Unit]` boot scope for graceful shutdown	Shipped
KMIP wire plane	v0.2.0
MCP-native server	v0.2.0
Agent-aware audit fields populated end-to-end	v0.2.0
GCP / Azure / Vault `RootOfTrust` adapters	v0.2.0
Auto-response loop (revoke / step-up / rotate / alert)	v0.2.0
SIEM / Kafka / Postgres audit fan-out	v0.3.0
Helm chart, auto-rotation scheduler	v0.3.0

Full per-release breakdown → Roadmap. What changed when → Changelog.

Where to go next¶

First time?

Run the Quickstart, then read the Architecture page to understand how Aegis fits in front of your existing KMS.
Operating Aegis?

Observability covers Prometheus + OTel wiring. Security covers deploy-time configuration.
Contributing?

The Developer Guide walks through setup, testing, architecture, and the PR flow end-to-end.
Evaluating Aegis?

Comparison with AWS KMS / Vault / OpenBao — including a clear "do not pick Aegis if…" section.

License¶

Apache-2.0. See LICENSE.

Status¶

v0.1.1 — pre-alpha. Not production-ready; looking for design partners through v1.0. The full status disclosure is on the Status page.