When AI Agents integrate into business workflows, they need secure access to LLM services. Traditional key management, where each Agent holds its own API key, risks leaks and misuse. Agent ID Guard provides outbound authorization for LLM services, centrally managing credentials and distributing them on demand to keep keys secure.
Overview
AI Agents often need to access external services such as LLM APIs, third-party SaaS, and internal enterprise systems. Agent ID Guard provides outbound authorization specifically for LLM services, using centralized custody and dynamic authorization to manage API keys securely:
Centralized encrypted custody: API keys are stored in the Agent ID Guard credential service and protected by Alibaba Cloud Key Management Service (KMS), eliminating the risk of plaintext exposure.
Dynamic issuance at runtime: Agents obtain API keys on demand at runtime based on their identity, removing the need to embed keys in images or configurations and reducing leak risks.
Least privilege authorization: Outbound authorization is established per Agent identity, ensuring each Agent can access only the API keys required for its operations.
Core concepts
Concept | Description |
Agent node | A machine identity hosted in Agent ID Guard, corresponding to an M2M (Machine-to-Machine) application at the underlying layer. |
LLM node | An outbound node in the Agent workflow. Each LLM node is associated with an API key credential, hosted in the Agent ID Guard credential service and encrypted via KMS. |
Credential identifier | A unique identifier for an API key credential. Agents use this identifier to obtain the corresponding API key without accessing the original plaintext. |
Outbound authorization | The authorization relationship between an Agent node and an LLM node, including function authorization and data authorization. Only Agents with an established outbound authorization relationship can obtain the API key of the associated LLM. |
Function authorization | Controls what operations an Agent can perform. Function authorization is automatically completed when the Agent is registered, granting the Agent permission to obtain credentials. |
Data authorization | Controls which specific credential an Agent can obtain, defined as a rule in the format of "associated identity + authorized asset". When an Agent is registered, the system automatically creates an authorization rule for that Agent. After an LLM node is added, the API key credential is automatically added to this rule, granting the Agent permission to obtain it. |
API key credential management
LLM API key outbound authorization is tightly integrated with credential management:
When adding a node:
The LLM API key is stored in the Agent ID Guard credential service and encrypted by KMS using industry-standard algorithms, protected by dedicated hardware security modules.
The system automatically adds the credential to the Agent-specific authorization rule, and the authorization takes effect immediately.
When deleting a node: The system automatically removes the credential from the Agent-specific authorization rule, revoking access immediately. The credential itself is not deleted and remains available for other Agents.
When rotating API keys: Administrators update the API key value in the credential service. All associated Agents automatically receive the new key on their next request, without notifying or redeploying each Agent individually.
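The add, delete and rotate behaviour described in this section, modelled in Python as an added example; it is not Alibaba Cloud code and does not call the Agent ID Guard API. The class, its method names, the agent names and the key values are hypothetical or constructed, and KMS encryption is left out of the model.

```python
# Toy in-memory model of the rules in this section. All names are hypothetical;
# this is not the Agent ID Guard API and performs no real KMS encryption.
class GuardModel:
    def __init__(self):
        self.credentials = {}        # credential identifier -> current API key value
        self.function_authz = set()  # agents permitted to request credentials
        self.data_rules = {}         # agent -> authorized credential identifiers

    def register_agent(self, agent):
        # Registration grants function authorization and creates the agent's rule.
        self.function_authz.add(agent)
        self.data_rules.setdefault(agent, set())

    def add_llm_node(self, agent, cred_id, api_key=None):
        # A new credential is stored; an existing one is reused unchanged.
        if cred_id not in self.credentials:
            if api_key is None:
                raise ValueError("a new credential needs an API key value")
            self.credentials[cred_id] = api_key
        self.data_rules[agent].add(cred_id)  # takes effect immediately

    def delete_llm_node(self, agent, cred_id):
        # Revokes this agent only; the credential stays in custody for others.
        self.data_rules[agent].discard(cred_id)

    def rotate(self, cred_id, new_key):
        # Only the stored value changes; authorization rules are untouched.
        self.credentials[cred_id] = new_key

    def is_authorized(self, agent, cred_id):
        # Function authorization AND data authorization must both hold.
        return agent in self.function_authz and cred_id in self.data_rules.get(agent, set())

    def obtain(self, agent, cred_id):
        if not self.is_authorized(agent, cred_id):
            raise PermissionError("no outbound authorization for this credential")
        return self.credentials[cred_id]

def demo():
    # Constructed agents and key values; the identifier is the page's example.
    g = GuardModel()
    g.register_agent("agent-a")
    g.register_agent("agent-b")
    g.add_llm_node("agent-a", "qwen-apikey-prod", "sk-constructed-1")
    g.add_llm_node("agent-b", "qwen-apikey-prod")  # select existing credential
    g.rotate("qwen-apikey-prod", "sk-constructed-2")
    after_rotation = g.obtain("agent-a", "qwen-apikey-prod")
    g.delete_llm_node("agent-a", "qwen-apikey-prod")
    return after_rotation, g.is_authorized("agent-a", "qwen-apikey-prod"), g.obtain("agent-b", "qwen-apikey-prod")
```

In the model, an Agent that fetches the key on each request sees the rotated value without any change on its side, and deleting one Agent's node leaves the other Agent's access intact.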
Prerequisites
An IDaaS EIAM Enterprise Edition instance is created with machine identity management enabled.
The Agent identity is registered in Agent ID Guard. For more information, see Register Agent identity in Agent ID Guard.
An API key from the LLM service provider is obtained (for example, a Bailian API key).
Procedure
Step 1: Add an LLM node
Log on to the IDaaS EIAM console.
In the left-side navigation pane, click Agent Identity Security to go to the Agent ID Guard page.
Find the target Agent and click Operation > Edit to go to the Agent Details page. Click the Agent module in the flowchart at the bottom of the page.
Confirm that Agent identity registration is complete. A green checkmark icon appears to the right of the Agent module name, indicating that the Agent is ready for enterprise service node configuration.
In the upper-right corner of the topology diagram, click Add Node and select Large Language Model (LLM) from the drop-down list.
Note: Each LLM node corresponds to one API key credential. If an Agent needs to access multiple LLM services (for example, both Tongyi Qianwen and OpenAI), add multiple LLM nodes separately.
Configure the Large Language Model (LLM) node. Choose one of the following methods based on your business requirements:
Add an API key credential
Use this method if the required credential does not exist in the API key credential list:
Click Add API Key Credential.
Configure the following parameters:
Parameter | Description | Example |
Credential Name | The display name of the credential in the console. | Qwen production key |
Description | Describes the purpose of this credential. | Qwen LLM API key, for production environment only |
API key ID | A unique identifier for the credential. Agents use this identifier to obtain the API key plaintext. | qwen-apikey-prod |
API Key | The plaintext of the LLM API key. After entry, the key is encrypted and stored via KMS. | sk-xxxxx |
After completing the configuration, click OK to create the credential.
Select an existing API key credential
Use this method if the required credential already exists in the API key credential list (for example, another Agent has already added the same credential). Select it directly from the list.
Step 2: Outbound authorization (automatic)
After the credential is selected or created, the system automatically adds it to the Agent-specific authorization rule. No manual configuration is required.
Verify the authorization in the topology diagram:
An outbound authorization connection is displayed between the Agent node and the LLM node, indicating that the authorization is established.
Click the connection to view the authorization details, including the associated credential identifier and status.
After confirming the authorization relationship is correct, click Save in the upper-right corner of the page to complete the configuration.
To revoke an Agent's access to an LLM, delete the corresponding LLM node. The system automatically removes the credential from the Agent-specific authorization rule. The credential itself is not deleted and does not affect other Agents.