Security | May 29, 2026 | 7 min read

Secure Your CrewAI Agents With AuthSec Delegation Tokens

Bishnu
Engineering
★ KEY TAKEAWAYS
  1. Every AuthSecSecureFetchTool call gets its own short-lived JWT — credentials in logs are already expired.
  2. MOCK mode exercises the full token flow in CI with no server and no secrets required.
  3. Scope is enforced at the API layer, not in agent code — misconfiguration can't grant more access than the token allows.

Static API keys in CrewAI tools give every agent a master key that never expires. AuthSec's authsec-crewai SDK replaces them with short-lived, RS256-signed delegation tokens — scoped per call, auditable, and dead on arrival if they leak.

The Problem

A CrewAI tool that reaches into a protected API is a privileged workload. If the credential it carries leaks — through a log line, a trace, a misconfigured .env file — everything that key can access is now accessible to whoever finds it.

Static API keys make the blast radius enormous:

  • They don't expire on their own
  • They carry no identity — you can't tell which agent used them or when
  • They're scoped to everything the key allows, not just what the tool needs
  • Revoking them takes down every other tool or service sharing the same key

The Idea: Tool-Native Delegation

AuthSec issues short-lived, RS256-signed JWTs scoped to specific permissions. Instead of storing a credential, your AuthSecSecureFetchTool requests a token at call time, uses it for that request, and lets it expire. The raw credential for the downstream API never touches your agent at all.

terminal
Agent.run()
    │
    ▼
AuthSecSecureFetchTool._run()
    │
    ▼
AuthSec /delegation-token endpoint (verified by client ID)
    │
    ▼
Short-lived RS256 JWT (scoped, SPIFFE-identified, TTL ~30 min)
    │
    ▼
Protected API ──► JSON response
    │
    ▼
Tool result back to CrewAI agent

AuthSecSecureFetchTool is a standard CrewAI BaseTool subclass. Drop it into any agent's toolset and it just works — the token lifecycle is handled inside the SDK.

Install

terminal
pip install authsec-crewai

Give an Agent Access to a Protected Endpoint

terminal
from authsec_crewai.tools import AuthSecSecureFetchTool
from crewai import Agent, Task, Crew

# The tool requests a delegation token at call time; no API key is stored here.
secure_tool = AuthSecSecureFetchTool()

# Agent that is allowed to call the protected endpoint through the tool.
analyst = Agent(
    role="Security Analyst",
    goal="Retrieve and summarize restricted internal data",
    backstory="You are a security analyst with delegated access to internal metrics.",
    tools=[secure_tool],
    verbose=True,
)

task = Task(
    description="Fetch the latest metrics from the secure vault and summarize them.",
    expected_output="A brief summary of the retrieved metrics data.",
    agent=analyst,
)

# Run the single-agent crew; the tool is invoked when the agent needs the data.
crew = Crew(agents=[analyst], tasks=[task], verbose=True)
crew.kickoff()

That's the full integration. No token management, no credential storage, no manual Authorization header construction. The tool handles it.

What Happens Under the Hood

When the agent invokes AuthSecSecureFetchTool, the SDK executes a clean four-step exchange:

1. AuthSecClient sends GET /authsec/uflow/sdk/delegation-token with the agent's client ID.
2. AuthSec verifies the identity and returns a signed JWT carrying the requested scope and a SPIFFE subject binding.
3. The tool sends the downstream API request with Authorization: Bearer <token>.
4. The JSON response is returned as the tool result, ready for the agent to reason over.

The token log in a live run looks like this:

terminal
[AuthSec SDK] [Mode] LIVE — using official authsec-langchain-sdk
  |- Base URL : https://prod.api.authsec.ai
  |- Client ID : fe6d5a81-58ac-4c4b-85fa-f84b6c9cb73d
[AuthSec SDK] [Delegation] Requesting delegation token via official SDK...
[AuthSec SDK] [Success] LIVE delegation token acquired via official SDK.
  |- Token : eyJhbGciOiJSUzI1NiIsInR5...
  |- Cache : SDK caches token internally (auto-refreshes on expiry).

What You Get

Replacing static keys with delegation tokens through authsec-crewai gives you five properties that long-lived credentials simply cannot provide:

  • Ephemeral credentials — a delegation token issued for one tool call is expired before the next one starts. A token in a log file is already dead.
  • Least-privilege per tool call — read:metrics cannot read records. The scope travels with the token and is enforced at the API, not in the agent code.
  • Full audit trail — every token request carries the agent's client ID. The AuthSec server knows which agent fetched what, when, and under which scope.
  • No rotation burden — the client ID is long-lived; the tokens it generates are not. Revoke access through the AuthSec dashboard and the next tool call gets a 401 — cleanly, immediately.
  • Drop-in BaseTool compatibility — AuthSecSecureFetchTool extends CrewAI's BaseTool directly. It works with any agent, task, or crew configuration that accepts a standard tool.
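
A token that reaches a log stays usable until its exp claim passes (the flow above cites a TTL of about 30 minutes), so leak triage should read that claim rather than assume expiry. The following is an added example, not code from the authsec-crewai SDK: it scans log lines for JWTs and reports subject, scope and remaining lifetime. The "scope" claim name, the SPIFFE ID and the log lines are constructed assumptions.

```python
import base64, json, re, time

# A JWT is three base64url segments; the header is a JSON object, hence "eyJ".
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")

def _b64url_json(segment):
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def triage_log(lines, now=None):
    """Report every JWT found in log lines and whether it is still usable.

    Claims are decoded WITHOUT signature verification: fine for leak
    triage, never acceptable for authorizing a request.
    """
    now = time.time() if now is None else now
    findings = []
    for lineno, line in enumerate(lines, 1):
        for match in JWT_RE.finditer(line):
            try:
                claims = _b64url_json(match.group().split(".")[1])
                exp = claims.get("exp")
                left = None if exp is None else max(0, int(exp - now))
            except (ValueError, AttributeError, TypeError):
                continue  # JWT-shaped string that does not decode cleanly
            findings.append({
                "line": lineno,
                "sub": claims.get("sub"),
                "scope": claims.get("scope"),  # claim name is an assumption
                "seconds_left": left,
                "live": left is None or left > 0,  # no exp: never expires
            })
    return findings

def _sample_token(claims):
    """Constructed sample; the signature segment is a placeholder."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])

NOW = 1_800_000_000  # constructed reference time for a repeatable result
SUB = "spiffe://example.org/agent/analyst"  # constructed SPIFFE ID
SAMPLE_LOG = [  # constructed log lines that leak full tokens
    "[AuthSec SDK] [Delegation] Requesting delegation token...",
    "|- Token : " + _sample_token({"sub": SUB, "scope": "read:metrics", "exp": NOW + 1500}),
    "DEBUG Authorization: Bearer " + _sample_token({"sub": SUB, "scope": "read:records", "exp": NOW - 60}),
]

if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG, now=NOW):
        print(finding)
```

A token truncated the way the SDK log above prints it (eyJhbGciOiJSUzI1NiIsInR5...) does not match the pattern and produces no finding, which is the logging behaviour to aim for.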

Trying It Without a Full Setup

No AuthSec account needed to explore the integration. Omit the environment variables and the SDK falls back to MOCK mode automatically:

terminal
from authsec_crewai.tools import AuthSecSecureFetchTool

tool = AuthSecSecureFetchTool()

# Call the tool directly — no agent or crew needed
result = tool._run(endpoint="secure-vault/records", scope="read:records")
print(result)

You get realistic mock records, a locally-generated JWT, and the complete tool invocation path — enough to build and test your agent logic before touching a real protected API.
