Infisical Agentic Access
Infisical exposes 1996 API operations that an AI agent could call, of which 1172 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 824 read, 1122 write, 43 physical, and 7 safety-critical.
7 operations are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| POST | /api/v1/auth/token-auth/tokens/{tokenId}/revoke | safety-critical | required |
| POST | /api/v1/auth/token/revoke | safety-critical | required |
| POST | /api/v1/auth/universal-auth/identities/{identityId}/client-secrets/{clientSecretId}/revoke | safety-critical | required |
| POST | /api/v1/cert-manager/certificates/{id}/revoke | safety-critical | required |
| POST | /api/v1/cert-manager/signers/{signerId}/requests/{requestId}/revoke | safety-critical | required |
| POST | /api/v1/cert-manager/syncs/{pkiSyncId}/certificates | safety-critical | required |
| POST | /api/v1/pki/certificates/{serialNumber}/revoke | safety-critical | required |
| POST | /api/v1/app-connections/octopus-deploy | physical | conditional |
| PATCH | /api/v1/app-connections/octopus-deploy/{connectionId} | physical | conditional |
| DELETE | /api/v1/app-connections/octopus-deploy/{connectionId} | physical | conditional |
| POST | /api/v1/app-connections/octopus-deploy/{connectionId}/rotate-credentials | physical | conditional |
| POST | /api/v1/cert-manager/acme/profiles/{profileId}/accounts/{accountId}/orders | physical | conditional |
| POST | /api/v1/cert-manager/acme/profiles/{profileId}/new-order | physical | conditional |
| POST | /api/v1/cert-manager/acme/profiles/{profileId}/orders/{orderId} | physical | conditional |
| POST | /api/v1/cert-manager/acme/profiles/{profileId}/orders/{orderId}/certificate | physical | conditional |
| POST | /api/v1/cert-manager/acme/profiles/{profileId}/orders/{orderId}/finalize | physical | conditional |
| POST | /api/v1/organizations/memberships/groups/{groupId} | physical | conditional |
| PATCH | /api/v1/organizations/memberships/groups/{groupId} | physical | conditional |
| DELETE | /api/v1/organizations/memberships/groups/{groupId} | physical | conditional |
| POST | /api/v1/pki/subscribers/{subscriberName}/order-certificate | physical | conditional |
| POST | /api/v1/projects/{projectId}/identity-memberships/{identityId} | physical | conditional |
| PATCH | /api/v1/projects/{projectId}/identity-memberships/{identityId} | physical | conditional |
| DELETE | /api/v1/projects/{projectId}/identity-memberships/{identityId} | physical | conditional |
| POST | /api/v1/projects/{projectId}/memberships | physical | conditional |
| DELETE | /api/v1/projects/{projectId}/memberships | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/infisical-infisical-api-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 1996
by_action_class:
acting: 1172
connected: 824
by_consequence:
write: 1122
read: 824
physical: 43
safety-critical: 7
human_in_the_loop_required: 7
operations:
- path: /api/v1/organization/roles
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organization/roles
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/organization/roles/{roleId}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/organization/roles/{roleId}
method: patch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organization/roles/{roleId}
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organization/roles/slug/{roleSlug}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/sub-organizations
method: post
operationId: createSubOrganization
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/sub-organizations
method: get
operationId: listSubOrganizations
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/sub-organizations/{subOrgId}
method: patch
operationId: updateSubOrganization
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/sub-organizations/{subOrgId}
method: delete
operationId: deleteSubOrganization
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/sub-organizations/{subOrgId}/memberships
method: post
operationId: createSubOrganizationMembership
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/workspace/{workspaceId}/secret-snapshots
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/projects/{projectId}/roles
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/projects/{projectId}/roles
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/projects/{projectId}/roles/{roleId}
method: patch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/projects/{projectId}/roles/{roleId}
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/projects/{projectId}/roles/slug/{roleSlug}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/projects/{projectId}/secret-snapshots
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/dynamic-secrets
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/dynamic-secrets
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/dynamic-secrets/{name}
method: patch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/dynamic-secrets/{name}
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/dynamic-secrets/{name}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/dynamic-secrets/{name}/leases
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/dynamic-secrets/leases
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/dynamic-secrets/leases/{leaseId}
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/dynamic-secrets/leases/{leaseId}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/dynamic-secrets/leases/{leaseId}/renew
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/dynamic-secrets/leases/kubernetes
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/relays
method: get
operationId: getRelays
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/cert-manager/acme/profiles/{profileId}/directory
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/cert-manager/acme/profiles/{profileId}/new-nonce
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/cert-manager/acme/profiles/{profileId}/new-account
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/cert-manager/acme/profiles/{profileId}/accounts/{accountId}
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/cert-manager/acme/profiles/{profileId}/new-order
method: post
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/cert-manager/acme/profiles/{profileId}/orders/{orderId}
method: post
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/cert-manager/acme/profiles/{profileId}/orders/{orderId}/finalize
method: post
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/cert-manager/acme/profiles/{profileId}/accounts/{accountId}/orders
method: post
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/cert-manager/acme/profiles/{profileId}/orders/{orderId}/certificate
method: post
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/cert-manager/acme/profiles/{profileId}/authorizations/{authzId}
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/cert-manager/acme/profiles/{profileId}/authorizations/{authzId}/challenges/{challengeId}
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/cert-manager/acme/applications/{applicationId}/profiles/{profileId}/directory
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/cert-manager/acme/applications/{applicationId}/profiles/{profileId}/new-account
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/cert-manager/discovery-jobs/config
method: get
operationId: getPkiDiscoveryConfig
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/cert-manager/discovery-jobs
method: post
operationId: createPkiDiscovery
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/cert-manager/discovery-jobs
method: get
operationId: listPkiDiscoveries
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/cert-manager/discovery-jobs/{discoveryId}
method: get
operationId: getPkiDiscovery
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/cert-manager/discovery-jobs/{discoveryId}
method: patch
operationId: updatePkiDiscovery
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/cert-manager/discovery-jobs/{discoveryId}
method: delete
operationId: deletePkiDiscovery
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/cert-manager/discovery-jobs/{discoveryId}/scan
method: post
operationId: triggerPkiDiscoveryScan
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/cert-manager/discovery-jobs/{discoveryId}/latest-scan
method: get
operationId: getPkiDiscoveryLatestScan
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/cert-manager/discovery-jobs/{discoveryId}/scans
method: get
operationId: listPkiDiscoveryScans
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/cert-manager/installations
method: get
operationId: listPkiInstallations
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/cert-manager/installations/{installationId}
method: get
operationId: getPkiInstallation
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/cert-manager/installations/{installationId}
method: patch
operationId: updatePkiInstallation
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/cert-manager/installations/{installationId}
method: delete
operationId: deletePkiInstallation
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/ca
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/ca/{sshCaId}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/ssh/ca/{sshCaId}
method: patch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/ca/{sshCaId}
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/ca/{sshCaId}/public-key
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/ssh/ca/{sshCaId}/certificate-templates
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/ssh/certificates/sign
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/certificates/issue
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/certificate-templates/{certificateTemplateId}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/ssh/certificate-templates/{certificateTemplateId}
method: patch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/certificate-templates/{certificateTemplateId}
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/certificate-templates
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/hosts
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/ssh/hosts
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/hosts/{sshHostId}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/ssh/hosts/{sshHostId}
method: patch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/hosts/{sshHostId}
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/hosts/{sshHostId}/issue-user-cert
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/hosts/{sshHostId}/issue-host-cert
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/hosts/{sshHostId}/user-ca-public-key
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/ssh/hosts/{sshHostId}/host-ca-public-key
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/ssh/host-groups/{sshHostGroupId}
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/ssh/host-groups/{sshHostGroupId}
method: patch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/host-groups/{sshHostGroupId}
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/host-groups
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/host-groups/{sshHostGroupId}/hosts
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/ssh/host-groups/{sshHostGroupId}/hosts/{hostId}
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ssh/host-groups/{sshHostGroupId}/hosts/{hostId}
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/sso/config
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/sso/config
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/sso/config
method: patch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/sso/oidc/config
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/sso/oidc/config
method: patch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/sso/oidc/config
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ldap/config
method: get
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/ldap/config
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/ldap/config
method: patch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/groups
method: post
operationId: createGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/groups
method: get
operationId: listGroups
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/groups/{id}
method: get
operationId: getGroupById
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/groups/{id}
method: patch
operationId: updateGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/groups/{id}
method: delete
operationId: deleteGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/groups/{id}/users
method: get
operationId: listGroupUsers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/groups/{id}/machine-identities
method: get
operationId: listGroupMachineIdentities
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/groups/{id}/members
method: get
operationId: listGroupMembers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/groups/{id}/projects
method: get
operationId: listGroupProjects
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/groups/{id}/users/{username}
method: post
operationId: addUserToGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/groups/{id}/users/{username}
method: delete
operationId: removeUserFromGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/groups/{id}/machine-identities/{machineIdentityId}
method: post
operationId: addMachineIdentityToGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/groups/{id}/machine-identities/{machineIdentityId}
method: delete
operationId: removeMachineIdentityFromGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/additional-privilege/identity/permanent
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/additional-privilege/identity/temporary
method: post
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/additional-privilege/identity
method: patch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/additional-privilege/identity
method: delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
# --- truncated at 32 KB (628 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/infisical/refs/heads/main/agentic-access/infisical-agentic-access.yml