All posts
June 18, 20263 min read

PAM in Function Calling, Explained

Function calling without privileged access management (pam) leaves your code vulnerable to credential leakage and unchecked execution. In many teams, developers embed API keys, database passwords, or cloud tokens directly in the function payload or source repository. Those secrets travel in clear text across internal networks, are cached by runtimes, and can be extracted by anyone with read access to the code base. Because the call is made directly from the function to the target service, there

Free White Paper

Function Calling Security + Just-in-Time Access: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Coleman Nye

Function calling without privileged access management (pam) leaves your code vulnerable to credential leakage and unchecked execution.

In many teams, developers embed API keys, database passwords, or cloud tokens directly in the function payload or source repository. Those secrets travel in clear text across internal networks, are cached by runtimes, and can be extracted by anyone with read access to the code base. Because the call is made directly from the function to the target service, there is no central point that can see who initiated the request, what parameters were used, or whether the operation complied with corporate policy. The result is a blind spot: a successful breach can go unnoticed for weeks, and compliance auditors have no evidence of who accessed which resource.

Introducing pam into the workflow sounds like a fix, but it often stops at the perimeter. Teams may provision a service account with narrowly scoped IAM permissions and configure the function to assume that role. The function still contacts the backend directly, bypassing any audit layer. No inline masking of sensitive response fields occurs, and there is no real‑time approval step for risky actions. The request reaches the target, but the organization retains no visibility, no replay capability, and no way to block a dangerous command before it runs.

hoop.dev solves this gap by becoming the mandatory data path for every function call that requires pam enforcement. The gateway sits between the function runtime and the downstream service, inspecting the wire‑protocol payload, applying pam policies, and recording the entire session. Because all traffic must flow through hoop.dev, it is the only place where masking, just‑in‑time (JIT) approvals, and command‑level blocking can be enforced.

How pam applies to function calling

Pam is the discipline of granting, monitoring, and revoking privileged access. In the context of function calling, pam means that a function should only be able to perform actions that have been explicitly authorized for the identity that invoked it. This includes:

  • Verifying the caller’s identity against an OIDC or SAML provider.
  • Ensuring the function’s service account has the minimal set of permissions required for the specific operation.
  • Recording the request, response, and any user‑provided parameters for later audit.
  • Masking any sensitive data that appears in the response before it reaches the function.

When these steps are performed inside the data path, an organization can prove that privileged actions were both allowed and monitored, satisfying internal security policies and external audit requirements.

Why the data path matters

The only reliable way to guarantee that pam controls are applied is to place them where the traffic cannot be bypassed. hoop.dev acts as an identity‑aware proxy that terminates the inbound connection, validates the caller, and then forwards the request to the target service using its own credential. Because the function never sees the target credential, the risk of credential exfiltration is eliminated.

Continue reading? Get the full guide.

Function Calling Security + Just-in-Time Access: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

All enforcement outcomes, session recording, inline data masking, JIT approval, and command blocking, are produced by hoop.dev itself. If the gateway were removed, none of those outcomes would exist, proving that hoop.dev is the essential enforcement point.

Setting up the environment (setup)

The first step is to configure an identity provider that issues short‑lived OIDC tokens for developers, CI pipelines, or AI agents. Those tokens carry group membership that hoop.dev uses to decide which pam policies apply. Next, register the function endpoint as a connection in hoop.dev, supplying the target host and the service‑account credential that the gateway will use. Because the credential lives only inside the gateway, the function runtime never handles it directly.

Finally, define pam policies that describe which identities may call which functions, what parameters are allowed, and which responses must be masked. Policies can require a human approval step for high‑risk operations, such as modifying production databases or invoking privileged cloud APIs.

Enforcement outcomes delivered by hoop.dev

Once the gateway is in place, every function call is subject to the following controls:

  • Session recording: hoop.dev captures the full request and response stream, enabling replay for forensic analysis.
  • Inline masking: Sensitive fields like credit‑card numbers or personal identifiers are redacted before the data reaches the function.
  • Just‑in‑time approval: If a call matches a high‑risk policy, hoop.dev pauses the request and routes it to an approver, ensuring no privileged action happens without explicit consent.
  • Command blocking: Dangerous commands (for example, DROP DATABASE) can be rejected automatically based on policy rules.

All of these outcomes exist because hoop.dev sits in the data path; without it, the function would communicate directly with the backend and none of these protections would be applied.

Getting started

To try this approach, follow the getting started guide for a quick Docker Compose deployment. The guide walks you through connecting an OIDC provider, registering a function endpoint, and enabling pam policies. For deeper details on policy syntax and masking options, visit the learn section of the documentation.

FAQ

Q: Does hoop.dev replace existing IAM roles?
A: No. hoop.dev complements IAM by using a service‑account credential internally while enforcing pam policies at the gateway level.

Q: Can I audit function calls after the fact?
A: Yes. hoop.dev stores a replayable session for every call, providing a complete audit trail for compliance and incident response.

Q: Is any code change required in the function?
A: No. Functions continue to use their normal client libraries; the only change is configuring the endpoint to point at the hoop.dev gateway.

Explore the source code, contribute improvements, or file issues on the GitHub repository.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.

Star and save the repo →More posts
Ask AI about this topic
ClaudeChatGPTGrokGeminiPerplexityCopilot