Keycloak OIDC Everywhere
A single identity provider wired through the whole stack, including k3s API authentication. Users and services authenticate against Keycloak, with OIDC-driven access to the Kubernetes API and the Headlamp dashboard.
An open, end-to-end reference architecture for running AI agents inside regulated enterprises with identity, secrets, PKI, and audit wired in from the start. Keycloak OIDC across the stack, OpenBao for secrets and PKI, TLS-everywhere ingress, and the BeeAI agent runtime, all provisioned with Ansible and OpenTofu.
Why “just deploy an agent” stalls in healthcare, financial services, government, and defense.
Every vendor has a slide deck about enterprise AI agents. The moment you try to actually deploy one inside a regulated environment, you hit a wall the demos never mention. An agent wants to reach the open internet, call whichever model provider it likes, pull whatever data it can read, and act on it autonomously. That is precisely the behavior your security, compliance, and audit functions exist to prevent.
So most teams stall. They either spend months hand-building identity, secrets, certificate, and egress plumbing around an agent before it can do anything useful, or they wait for a SaaS vendor to clear a security review that may never come while the business keeps asking why the AI everyone else is using isn’t running yet.
Project Armory closes that gap. It is a working reference implementation (not a slide deck) that wires the controls a regulated enterprise actually requires around a modern agent runtime, using only open-source components you can run, inspect, and audit yourself. Clone it, stand it up in a VM, and you have a concrete blueprint for what a hardened enterprise agent stack really looks like.
The non-negotiables an agent platform has to satisfy before it can run in a regulated environment.
Project Armory is built to satisfy each of these with open-source components you can inspect line by line.
Every layer is wired for identity, encryption, and auditability.
A single identity provider wired through the whole stack, including k3s API authentication. Users and services authenticate against Keycloak, with OIDC-driven access to the Kubernetes API and the Headlamp dashboard.
OpenBao manages secrets and PKI, integrated with the Vault Secrets Operator and cert-manager. Credentials are generated and rotated automatically including hands-off realm admin password cycling.
RBAC and TLS-everywhere ingress configuration by default. cert-manager and nginx-ingress issue and terminate certificates so traffic is encrypted end to end across the platform.
TBD: While each component is already auditable, we do not have the "single pane of glass" implemented yet. This project is still a work in progress and we are considering a K3S -> PVC -> Loki solution but we welcome any suggestions.
This has moved to Project Garrison. Agents run on the BeeAI Agent Stack, a Linux Foundation project, deployed onto the secured k3s platform giving AI workloads a runtime that inherits the platform's identity and secret controls.
PostgreSQL for relational state and SeaweedFS for S3-compatible object storage run inside the platform you control, so agent data, file handling, and persistence never leave infrastructure you own.
End-to-end provisioning via Ansible playbooks and OpenTofu. Granular task execution through Ansible tags, with multi-component readiness validation run after deployment.
Stand up the full platform inside a Vagrant VM for local evaluation. Retrieve credentials directly from OpenBao and inspect synced Kubernetes secrets without touching production infrastructure.
Identity and secrets form one control plane while the agent, the models it routes to, and the tools it calls all run inside it.
That last point is the whole point. Most agent platforms get their own ungoverned path to the internet, their own keys, their own secrets sitting in a config file. In Project Armory the agent and everything it reaches inherit the same identity, secret, and encryption controls as the rest of your estate so an LLM call or a tool invocation runs under the same controls as any other workload, not as an exception carved out around them.
A working reference is worth more than an architecture diagram, because the integration points are where these systems fight each other.
Each component in this stack is well documented on its own. The difficulty is in the places where one system’s assumptions quietly break another’s. The parts that took real work to get right include:
Project Armory encodes the working answers to these, so you start from a stack that already fits together instead of rediscovering each failure mode yourself. That is the difference between a reference you can build on and a diagram you still have to implement.
Organizations that want to adopt AI agents without giving up the controls their environment demands.
Healthcare, financial services, and high-security teams that need agentic AI to run under the same identity, secret, and audit controls as the rest of their estate.
Engineers who want a vetted, auditable starting point for a Kubernetes AI platform (OIDC, PKI, and TLS already integrated).
Teams building bespoke agent platforms for regulated clients who need a proven, auditable foundation to adapt not a greenfield rebuild for every engagement.
Deployments that must stay on-premises and self-hosted. Identity, secrets, certificates, and agent runtime all run inside infrastructure you control, with no external dependency.
Project Armory is open source and available now for evaluation. McIndi Solutions builds and operates secure platforms like this for regulated enterprises. We can help you adapt the architecture to your environment, integrate it with your existing identity and secret backends, and harden it for production.