What is Agent Access Manager?
Agent Access Manager is a self-hosted security and governance layer that sits between your applications and your LLM vendors. You give it the master API keys for your providers — OpenAI, Anthropic, Gemini, Vertex AI, a local Ollama, anything OpenAI-compatible — and it gives your applications a single OpenAI-compatible endpoint and its own revocable virtual keys. Every call is routed, load-balanced, metered, screened, and written to an audit trail.
Think of it as one door in, many vendors out, with a record of everything.
What it does for you
- One endpoint, many vendors. Applications call the same OpenAI-style API and ask for a model by an alias you define (for example
fast). The gateway decides which real vendor and model serve the request, spreads load across several deployments, and falls back when one is down. Switching an alias from OpenAI to a local Ollama or to Anthropic never changes a line of application code. - Virtual keys instead of master keys. You never hand real vendor keys to applications. You mint virtual keys from the gateway; they are vendor-agnostic, revocable, scoped, and can expire. The real vendor keys stay AES-256-GCM encrypted inside the gateway.
- Limits that hold. Budgets (tokens or currency) and rate limits (RPM/TPM) attach to an organization, a team, a project, or a single key — and are enforced at every level at once. The tightest limit wins.
- Guardrails on content. Pre- and post-call screening detects PII, secrets, and denylisted content, then allows, flags, redacts, or blocks per policy — including on streamed responses.
- A record of every call. Each request is written to a durable audit log with who made it, which provider and model served it, token usage, cost, and outcome. That one event stream also feeds spend metering, alerts, reports, and the optional SIEM/SOAR security stack.
Who uses it, and how
There are two completely separate front doors:
| Data plane | Admin plane | |
|---|---|---|
| Who | Your applications and agents | Humans and automation administering the product |
| Surface | POST /v1/chat/completions, /v1/messages, /v1/responses, /v1/embeddings, GET /v1/models | The dashboard and the /admin REST API |
| Credential | A sk-… virtual key (Bearer or x-api-key) | SSO session (Keycloak or your OIDC IdP), break-glass Basic admin, or an OIDC Bearer token |
Everything you can click in the dashboard you can also script: every screen is a thin face over the Admin API, and the dashboard console ships with the product — nothing depends on a vendor cloud.
The dashboard at a glance
The console has a fixed left rail grouped into four working areas plus account settings:
| Group | Pages | What you do there |
|---|---|---|
| Overview | Overview | Traffic, spend, and health at a glance |
| Operate | Organizations, Virtual keys, Catalog, Playground, Budgets, Rate limits | Day-to-day setup: tenants and teams, keys, providers and model aliases, live model testing, quotas |
| Govern | Guardrails, Notifications, Audit & usage, Reports, Sign-in activity | Content policy, alerting, the audit trail, scheduled reports, login forensics |
| Investigate | SIEM, UEBA, SOAR | Security-event search, anomaly detection, automated containment (Pro editions) |
| Account | Settings, Profile | Mail server, authentication posture, personal preferences |
Editions: one product, tiered
There is one binary and one dashboard. An edition is simply which optional infrastructure you switch on — nothing is a different build, so you can grow from a single box to a cluster without reinstalling or relearning the UI.
| Lite | Base | Pro | Pro AI | Distributed | |
|---|---|---|---|---|---|
| Gateway, virtual keys, catalog, routing | ✓ | ✓ | ✓ | ✓ | ✓ |
| Guardrails (pattern detectors), budgets, rate limits, notifications, reports | ✓ | ✓ | ✓ | ✓ | ✓ |
| SOAR automated containment | — | ✓ | ✓ | ✓ | ✓ |
| SIEM search, detections, Sigma rules, UEBA (OpenSearch) | — | — | ✓ | ✓ | ✓ |
| AI-classifier guardrails (Presidio PII, Llama Guard content safety) | — | — | — | ✓ | optional |
| Audit system of record | Postgres | Postgres | OpenSearch | OpenSearch | OpenSearch |
| App replicas behind a load balancer, shared Valkey | — | — | — | — | ✓ |
Every edition bundles the gateway application, the dashboard, PostgreSQL, an nginx edge, and Keycloak for SSO. See Installation for how editions map to installer flags.
Where to go next
- Quickstart — mint your first key and make your first request.
- Product architecture — how the pieces fit together.
- Organizations & scopes — the tenancy and governance model everything else builds on.