Beyond API Keys: Fine-Grained AI Agent Authorization for DevOps with OpenFGA

Description:

AI agents are becoming first-class actors in DevOps platforms. They open pull requests, trigger CI/CD pipelines, scale Kubernetes workloads, and respond to incidents and, all of this increasingly without a human in the loop. Yet most organizations still authorize these agents with static API keys, personal access tokens, and broadly scoped CI secrets.

This creates a dangerous gap. Tokens prove identity, but they don't answer the question that actually matters: *Should this agent perform this action, for this user, on this resource, in this environment, right now?*

In this talk, I'll break down why token-based authorization fails for agentic DevOps (over-privileged bots, context-blind decisions, and zero auditability) and introduce a practical architecture that closes the gap: an **Agent Gateway** backed by **OpenFGA**, an open-source Relationship-Based Access Control (ReBAC) engine.

You'll see a **live demo running inside Kubernetes** that walks through real scenarios:

- **GitOps governance:** Contributors can open PRs; only maintainers can merge to main.

- **Deployment promotion:** Staging deploys move fast; production requires explicit human approval.

- **Agent trust boundaries:** Approved bots act; unknown bots are denied —> no implicit trust.

Every action flows through the gateway: **AI Agent → Agent Gateway → OpenFGA → downstream system**. Authorization decisions are relationship-based, computed at runtime, and fully auditable.

You'll walk away with a concrete, reusable pattern (authorization model, trust tuples, gateway design) that you can adopt in your own platform. No vendor lock-in. No custom policy DSL. Just declarative relationships and an open-source engine that treats authorization as a control plane, not an afterthought.