Security & mTLS identity
The agent is designed so that adding it to a server reduces your attack surface rather than adding to it.
A cryptographic identity per agent
Enrollment doesn’t hand the agent a shared secret. Instead:
- The agent generates a private key locally — it never leaves the host.
- It sends only a certificate signing request. Demerzel returns a certificate whose identity (
demerzel://tenant/agent) is assigned by the server, not chosen by the agent. - From then on the agent authenticates with that certificate (mTLS). The enrollment token is single-use and burned.
No inbound surface
The agent is outbound-only. It opens HTTPS connections to Demerzel and listens on nothing. There is no port to firewall, no daemon to exploit for remote access, and no command channel back to your servers.
Least privilege
Run the agent as an unprivileged system user that owns only its config directory (see Run the agent as a service). Its stored key and certificate are readable only by that user.
Evidence integrity
Everything the agent reports is recorded as immutable, append-only evidence on the server. Facts are never overwritten, so history is replayable and tampering is detectable.
Read-only, by construction. The agent cannot change your systems. Even a fully compromised Demerzel server has no path to execute anything on an agent host.