AegisAegis
Dashboard
AegisAegis Developer Portal

Developer Search

Press ⌘K or Ctrl+K to jump through guides and public API docs for user-owned master key and scoped credential flows.

Examples

Runnable Examples

Reference snippets for the most common integration tasks. Use these as smoke-test baselines in CI and platform onboarding while keeping credential authority scoped and user-owned key material off the wire.

TypeScript: Mint User Token

const mint = await brokerClient.mintUserApiToken({
  tenantId: "business-default",
  requestedScopes: [
    "credential.lease.create:provider:gcp:app:billing-prod:account:deploy-bot",
    "credential.lease.redeem:provider:gcp:app:billing-prod:account:deploy-bot"
  ],
  requestedTtlSeconds: 600,
  popKeyId: "key-01"
});

Go: Mint User Token

mintResp, err := brokerClient.MintUserApiToken(ctx, connect.NewRequest(&aegisv1.MintUserApiTokenRequest{
  TenantId: "business-default",
  RequestedScopes: []string{
    "credential.lease.create:app:github:account:svc-github",
  },
  PopKeyId: "key-01",
}))

Bash: Create Lease

curl -sS -X POST "$API_BASE/aegis.v1.BrokerService/CreateCredentialLease" \
  -H "Authorization: Bearer $BROKER_TOKEN" \
  -H "Content-Type: application/json" \
  -d @create-lease.json

Usage Notes

  • Always include sender-constrained request proof on lease operations.
  • Never use wildcard selectors for user-minted credential scopes.
  • Verify failure-path behavior as strictly as success-path behavior.
  • Preserve the ownership model: master key derivation and plaintext unlock stay client-side.