Security and Privacy

Protect sensitive data while using the AIP SDK and CLI. This guide covers PII masking, tool-output controls, memory scoping, and API key hygiene.

When to use this guide: You handle regulated data, govern tooling access, or perform privacy reviews on agent configurations.

Who benefits: Security engineers, PMs overseeing compliance, and data developers stewarding user content.

Security features by surface are tracked in the AIP capability matrix. Key gaps today: CLI still relies on export/import for pii_mapping, memory, and tool-output toggles, and presigned URL regeneration plus run-history auditing remain REST-first.

Mask PII During Runs

When to use: Redact sensitive inputs or outputs before sharing transcripts or artifacts.

from glaip_sdk import Client

client = Client()
response = client.agents.run_agent(
    "secure-processor",
    "Process <EMAIL_1> order",
    pii_mapping={
        "<EMAIL_1>": "customer@example.com",
        "<NAME_1>": "Alex Taylor",
    },
)
print(response)

curl -X POST "$AIP_API_URL/agents/$AGENT_ID/run" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $AIP_API_KEY" \
  -d '{
        "input": "Process <EMAIL_1> order",
        "pii_mapping": {
          "<EMAIL_1>": "customer@example.com",
          "<NAME_1>": "Alex Taylor"
        }
      }'

Until CLI flags ship, export the agent JSON, add a pii_mapping example, and re-import for automation scenarios.

Common security gaps

Symptom

Likely cause

Fix

PII still appears in outputs

Redaction rules incomplete or mismatch between SDK and backend.

Expand pii_mapping entries and test with sample payloads.

Shared artifacts visible to unintended teams

agent_config.tool_output_sharing left enabled.

Disable sharing or scope agents per team.

Keys leaked in repos

Credentials stored in .env committed accidentally.

Add .env to .gitignore, rotate keys, and use secrets managers.

Expired presigned URLs break workflows

Long-running jobs using stale download links.

Regenerate URLs via the utilities endpoint before reuse.

When to use: Limit which agents or collaborators can see tool artifacts.

client.agents.update_agent(
    agent_id,
    agent_config={"tool_output_sharing": False}
)

True — downstream agents can reuse artifacts and tables produced by the agent.
False — artifacts stay isolated to the producing agent.

Configure the field through agent payloads; the CLI will expose a dedicated flag in a future release.

Manage Memory Scope

When to use: Keep conversation history compliant while preserving useful context.

Use agent_config["memory"] = "mem0" to persist conversation state between runs. Share memory only when agents belong to the same account and should retain context; otherwise leave memory unset for stateless behaviour.

API Key Hygiene

When to use: Rotate, scope, and store credentials safely across teams.

Issue separate keys per environment

Create unique API keys for dev, staging, and production to reduce blast radius.

Store keys securely

Keep keys in environment variables or secure stores. Note: aip configure saves them locally under ~/.aip/config.yaml.

Rotate and revoke regularly

Rotate keys on a schedule and revoke any unused values after testing.

Limit master key usage

The master API key bypasses account scoping—limit its usage to platform operators.

Presigned Artifact Management

When to use: Secure file downloads and prevent stale links from leaking data.

Each run response may include presigned URLs for uploaded artifacts.

If a URL expires, regenerate it:

curl -X POST "$AIP_API_URL/utils/regenerate_presigned_url" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $AIP_API_KEY" \
  -d '{"object_path": "artifacts/agent/run123/report.pdf", "expires_in_hours": 24}'

Keep regenerated URLs short-lived and avoid sharing them broadly.

Audit Trails

When to use: Document who changed what and when for compliance or incident response.

curl -sL "$AIP_API_URL/agents/$AGENT_ID/runs" -H "X-API-Key: $AIP_API_KEY" | jq

Use run history to trace PII usage, artifact creation, and tool activity until SDK/CLI wrappers expose the endpoint directly.

Agents guide — configure pii_mapping, tool_configs, and memory alongside other agent features.
File processing — handle uploaded artifacts and chunk reuse securely.
Automation & scripting — integrate security checks into CI pipelines.

最后更新于 6个月前

hashtagMask PII During Runs

hashtagCommon security gaps

hashtagControl Tool Output Sharing

hashtagManage Memory Scope

hashtagAPI Key Hygiene

hashtagIssue separate keys per environment

hashtagStore keys securely

hashtagRotate and revoke regularly

hashtagLimit master key usage

hashtagPresigned Artifact Management

hashtagAudit Trails

hashtagRelated Documentation