Skip to main content

Enhanced Agent Security

The agent is a system that has higher privileges in a private infrastructure, the created tasks are processed and executed through an authentication that maps an api key of an organization, however there's no way to guarantee that task is being executed by an authenticated and authorized user session. This requirement may be important to organizations in which requires this sort of enforcement.

The JWT tokens are kept in memory only during the execution of a task, they are never persisted.

Main Benefits

  • Prevents the execution of tasks without authenticated the user session token
  • Enforced with the use of external auth providers (Okta, Auth0, ORY Hydra, etc)


  • Slack Tasks / REPL are disabled when this option is set
  • Automation of rotating keys is not yet supported

⚠️ Toggling between this feature (JWK_URL=) could be harmful of stale tasks being executed, perform this operation with careful.


Set the enviroment variable JWK_URL containing the public keys of your auth provider before starting the agent, the supported algorithms are RS256 and ECDSA256. To enforce authentication using our auth provider:

  • JWK_URL=