All posts
June 18, 20263 min read

Non-human identity for AI coding agents on EKS

When a nightly build runs an AI‑driven code‑generation job, it needs to push a new container image into a Kubernetes cluster and then execute a health‑check pod. Because the process runs without a person, it requires a non-human identity to be granted access. Using a non-human identity ensures the AI agent is treated as a distinct service principal, separate from any human user. In many organizations, the token used for such jobs is shared across dozens of pipelines, never rotated, and never ti

Free White Paper

Non-Human Identity Management + AI Human-in-the-Loop Oversight: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Coleman Nye

When a nightly build runs an AI‑driven code‑generation job, it needs to push a new container image into a Kubernetes cluster and then execute a health‑check pod. Because the process runs without a person, it requires a non-human identity to be granted access. Using a non-human identity ensures the AI agent is treated as a distinct service principal, separate from any human user.

In many organizations, the token used for such jobs is shared across dozens of pipelines, never rotated, and never tied to a specific execution. The AI agent can reach the EKS control plane, create or delete resources, and there is no record of which pipeline triggered which command. If a rogue model generates a destructive delete request using kubectl, the damage is done before anyone notices.

Why non-human identity alone isn’t enough

Assigning a dedicated IAM role to an AI process is a step forward. The role isolates the credentials from human users and can be scoped to the cluster’s RBAC groups. This is the essence of non-human identity: the agent presents a machine‑specific identity that the cloud provider can audit.

However, the identity check happens at the authentication layer only. Once the role is accepted, the request flows directly to the Kubernetes API server. There is still no guarantee that the command is safe, no live inspection of the payload, and no immutable log that captures the exact sequence of API calls. In short, the data path lacks a guardrail.

hoop.dev as the enforcement layer

Enter hoop.dev. The gateway sits between the AI agent and the EKS cluster, acting as a Layer 7 proxy for the Kubernetes protocol. The agent authenticates to hoop.dev with an OIDC token that represents its non‑human identity. hoop.dev then assumes the IAM role configured on the EKS connection and forwards the request to the cluster.

Because the gateway is in the data path, hoop.dev can enforce policies on every API call. It can:

  • Record each kubectl or exec session, storing a replay‑able audit trail.
  • Mask sensitive fields in API responses, such as secret data in ConfigMaps.
  • Require human approval for high‑risk operations, like deleting a namespace.
  • Block commands that match a deny list before they reach the cluster.
  • Scope the assumed IAM role to the exact RBAC permissions needed for that request, granting just‑in‑time access.

All of these enforcement outcomes are possible only because hoop.dev is the only point where traffic can be inspected and altered. The non‑human identity of the AI agent tells hoop.dev who is asking, but hoop.dev decides what the request may do and records what actually happened.

Continue reading? Get the full guide.

Non-Human Identity Management + AI Human-in-the-Loop Oversight: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Getting started with AI agents on EKS

Deploy the hoop.dev gateway in the same network as your EKS cluster, typically via the provided Docker Compose file or a Kubernetes manifest. Register a new connection for the cluster, supplying the ARN of the IAM role that the gateway should assume. Configure the OIDC provider that issues tokens for your AI agents, this could be the same provider you use for human engineers.

When the CI job runs, it obtains an OIDC token, calls the hoop.dev CLI (or uses any standard kubectl client pointed at the hoop.dev endpoint), and proceeds as if it were talking directly to the cluster. The gateway enforces the policies you defined, records the session, and masks any secrets that the job might accidentally read.

For a step‑by‑step walkthrough, see the getting‑started guide. The learn section dives deeper into masking, guardrails, and session replay.

FAQ

How does hoop.dev authenticate an AI coding agent?

The agent presents an OIDC token that represents its non‑human identity. hoop.dev validates the token against the configured IdP, extracts the group claims, and maps them to the appropriate IAM role for the EKS connection.

What happens to the underlying credentials?

The IAM role that grants access to the cluster is stored inside hoop.dev. The AI agent never sees the raw credential; the gateway assumes the role on its behalf for each request.

Can I replay an AI‑initiated kubectl session?

Yes. hoop.dev records every command and response, allowing you to replay the exact interaction later for forensic analysis or compliance reporting.

By placing the gateway in the data path, you turn a risky, unchecked AI connection into a transparent, auditable, and controllable workflow.

Explore the open‑source code on GitHub to see how the project is built and to contribute.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.

Star and save the repo →More posts
Ask AI about this topic
ClaudeChatGPTGrokGeminiPerplexityCopilot