Find an agent’s SPIFFE ID
Each AgentValet agent has a SPIFFE-style identifier in addition to its short ID. It’s useful when you’re integrating AgentValet with another system that wants a structured workload identity (AuthZEN policies, SPIFFE-aware service meshes, etc.).
Where it lives
/agents/:id → top of the page, alongside the agent name, status, and rate limit.
There’s a Copy icon next to the SPIFFE ID. Click it; you’ll see a brief “Copied!” confirmation.
Format
It looks like:
spiffe://agentvalet.ai/owners/<owner_id>/agents/<agent_id>
This format encodes:
- The trust domain (agentvalet.ai)
- The owner this agent belongs to
- The agent’s own identifier
Where to use it
The most common use is as the subject field in AuthZEN policy evaluations if you’re building an authorisation gate on top of AgentValet. You can also use it:
- As a stable identifier in your own logs (longer than the short ID, but unambiguous about owner)
- In SPIFFE-aware infrastructure (service mesh, OPA policies) as the workload ID
- In incident reports — naming the agent by its full SPIFFE ID disambiguates if two owners happen to name agents the same thing
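A downstream system that receives this ID should validate it against the exact format above before trusting the owner or agent parts. The following is an added example, not AgentValet code: the segment character set (taken from the SPIFFE path rules), the subject type name "agent", the properties keys, and the sample IDs are assumptions.

```python
import re

TRUST_DOMAIN = "agentvalet.ai"  # trust domain from the format shown on this page
# Assumption: owner and agent IDs use the SPIFFE path-segment character set.
_SEG = r"[A-Za-z0-9._-]+"
_AGENT_ID = re.compile(
    rf"spiffe://{re.escape(TRUST_DOMAIN)}/owners/(?P<owner>{_SEG})/agents/(?P<agent>{_SEG})"
)


def parse_agent_spiffe_id(value: str) -> tuple[str, str]:
    """Return (owner_id, agent_id); raise ValueError on anything off-format."""
    # fullmatch rejects look-alike trust domains, extra path segments,
    # query strings and trailing newlines that a prefix check would accept.
    m = _AGENT_ID.fullmatch(value)
    if m is None or {m["owner"], m["agent"]} & {".", ".."}:
        raise ValueError(f"not an AgentValet agent SPIFFE ID: {value!r}")
    return m["owner"], m["agent"]


def is_agent_spiffe_id(value: str) -> bool:
    try:
        parse_agent_spiffe_id(value)
        return True
    except ValueError:
        return False


def authzen_subject(value: str) -> dict:
    """Build the subject of an AuthZEN evaluation request from a validated ID."""
    owner_id, agent_id = parse_agent_spiffe_id(value)
    return {
        "type": "agent",  # hypothetical type name; use what your PDP expects
        "id": value,
        "properties": {"owner_id": owner_id, "agent_id": agent_id},
    }


if __name__ == "__main__":
    # Constructed sample IDs: two owners with an agent named the same thing.
    for sid in (
        "spiffe://agentvalet.ai/owners/own_a/agents/billing-bot",
        "spiffe://agentvalet.ai/owners/own_b/agents/billing-bot",
        "spiffe://agentvalet.ai.example/owners/own_a/agents/billing-bot",
    ):
        print(sid, "->", authzen_subject(sid) if is_agent_spiffe_id(sid) else "rejected")
```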
Where it’s NOT used
The agent’s MCP calls don’t identify the agent by its SPIFFE ID. The JWT the agent signs carries the short agent_id in the sub claim. The SPIFFE ID is metadata for your downstream systems, not something the proxy itself uses.