
Putting access controls around Devin: production access for AI coding agents

Here is the shortest safe path to giving Devin production access to a database, start to finish, without leaving a standing credential lying around. The whole point is to get a working, governed connection up fast, so you can see the controls in action before you scale them out across more agents and more databases.

The rule that makes it safe is simple: Devin never holds the production secret. It reaches production through a gateway that does, and the gateway is where every control lives.

The first connection that gives Devin production access

hoop.dev is an open-source Layer 7 access gateway. You run a small agent near your database, it dials out to the gateway, and Devin reaches production through that path. No inbound firewall rule, no VPN, nothing exposed.

  1. Install the hoop.dev agent on a host that can reach the production database.
  2. Register the database as a connection and put the credential on the connection, not in Devin.
  3. Map Devin's identity to a scoped role: read on the tables it needs, no DDL.
  4. Turn on session recording and set writes to require approval.
  5. Point Devin at the gateway connection and run a single read query.

That read should return immediately, with sensitive fields masked, and show up as a recorded session. You now have governed production access without a key in Devin's environment, and you got there in the time it takes to install a binary and fill in a connection. The setup is walked through on the hoop.dev site.
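One way to build the scoped role from step 3, shown as an added example that is not taken from the hoop.dev documentation. It assumes PostgreSQL; the role `agent_ro`, database `appdb`, schema `app` and its tables are hypothetical names. The password set here is the credential that goes on the gateway connection in step 2.

```sql
-- Added example. PostgreSQL assumed; all object names are hypothetical.
-- Run as an administrative role, not through the agent's connection.
BEGIN;

-- Login role used only by the gateway connection. Every elevated
-- attribute is switched off explicitly rather than left to defaults.
CREATE ROLE agent_ro LOGIN
  NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION NOBYPASSRLS
  CONNECTION LIMIT 5
  PASSWORD 'REPLACE_WITH_GENERATED_SECRET';  -- placeholder, store on the connection

-- No DDL: on PostgreSQL 14 and earlier, PUBLIC can create objects in
-- schema public by default, and every role is a member of PUBLIC.
-- This revoke affects all roles, so check other applications first.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON SCHEMA app FROM PUBLIC;

-- Read on the tables it needs, and nothing else.
GRANT CONNECT ON DATABASE appdb TO agent_ro;
GRANT USAGE ON SCHEMA app TO agent_ro;          -- USAGE only, no CREATE
GRANT SELECT ON app.orders, app.order_items TO agent_ro;

-- Guard rails, not the security boundary: a session can change these
-- settings, so the grants above are what actually enforce read-only.
ALTER ROLE agent_ro SET default_transaction_read_only = on;
ALTER ROLE agent_ro SET statement_timeout = '30s';

COMMIT;

-- Check the effective privileges, including anything inherited via PUBLIC.
SELECT
  has_table_privilege('agent_ro', 'app.orders', 'SELECT')  AS can_read_orders,
  has_table_privilege('agent_ro', 'app.orders', 'INSERT')  AS can_insert_orders,
  has_table_privilege('agent_ro', 'app.orders', 'DELETE')  AS can_delete_orders,
  has_schema_privilege('agent_ro', 'app', 'CREATE')        AS can_create_in_app,
  has_schema_privilege('agent_ro', 'public', 'CREATE')     AS can_create_in_public;
```

Only `can_read_orders` should come back true. Any other true column means a grant is reaching the role through PUBLIC or a role membership and should be removed before the connection is registered.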

Why this is the right shape

Production access for an autonomous agent is dangerous for one reason: standing access. A credential that exists all the time can be misused all the time, by the agent or by anything that reads its environment. Granting access just in time, scoped to one connection, collapses that window. The agent gets in for the task and out when it is done, and the gateway holds the only durable credential.

  • No standing secret in Devin to leak.
  • Command-level recording outside the agent, so you can see what ran and not just what Devin says it ran.
  • Inline masking on supported databases, so PII does not flow back in the clear.
  • Approval on writes, so a destructive command pauses for a person.

hoop.dev governs the connection Devin uses. It does not run inside Devin or inspect its prompts; it controls the route to production, which is what needs controlling.

Pitfalls to avoid

Do not start by handing Devin a superuser connection "just to test." Test with the scoped role from the first minute, or the test habits become the production habits. Do not skip the approval rule on the first connection; it is the cheapest insurance against a bad write. And do not leave the credential anywhere but on the connection, where the gateway can rotate and protect it.

Once the first connection works, scaling is mostly repetition with one rule held constant. Each new database is another registered connection with its own scoped identity and its own approval threshold. You do not hand Devin a wider credential to cover more systems; you add more narrow connections, each governed on its own terms. That keeps the blast radius of any single connection small even as the number of systems the agent can reach grows. The temptation is to consolidate into one broad role for convenience, and it is the one move that quietly undoes everything the first connection bought you.

It also keeps approvals meaningful. When each connection carries a rule sized to its own risk, an approver sees a request that actually means something, not a generic prompt they learn to click through. A request to write to the billing database reads differently from a read against a reporting replica, and the approver should be able to tell them apart at a glance.

FAQ

How fast can I get a first connection working?

Running the agent, registering one connection, and connecting Devin is a few minutes of setup. The masking and approval rules are toggles on the connection.

Does Devin ever see the production password?

No. The credential lives on the connection at the gateway. Devin authenticates as itself and reaches production through the proxy.

Is hoop.dev open source?

Yes, it is MIT licensed.

Get a governed first connection running now. Grab the binary from the hoop.dev GitHub repository and follow the getting started guide to register your first production connection.
