Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 277 Pull Requests 89 Actions 21 Packages Projects Releases Wiki Activity
Files
4214082fb656ee42e8de84440fb6a82b433af310
hermes-agent/ansible/inventory/fleet.ini.example
Alexander Whitestone 91faf6f956
All checks were successful
Lint / lint (pull_request) Successful in 10s
Details
feat: A2A auth — mutual TLS between fleet agents 
Implements mutual TLS for secure agent-to-agent communication (#806).

- scripts/gen_fleet_ca.sh: generate fleet CA (4096-bit RSA, 10-year)
- scripts/gen_agent_cert.sh: per-agent cert signed by fleet CA (timmy, allegro, ezra)
- agent/a2a_mtls.py: A2AServer requiring client cert verification (CERT_REQUIRED),
  build_server_ssl_context / build_client_ssl_context helpers, server_from_env()
- ansible/roles/fleet_mtls_certs/: distribute CA + per-agent certs to fleet nodes,
  write /etc/hermes/a2a.env, notify hermes-a2a service on change
- ansible/fleet_mtls.yml + ansible/inventory/fleet.ini.example: playbook + example inventory
- tests/agent/test_a2a_mtls.py: 11 tests — authorized agent accepted (200/202),
  self-signed cert rejected, no-cert rejected, lifecycle, env-var wiring

Fixes #806

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 13:28:28 -04:00

13 lines
324 B
Plaintext
Raw Blame History

# Example fleet inventory for mutual-TLS cert distribution.
# Copy to fleet.ini and adjust hostnames/IPs.
# Refs #806
[fleet_agents]
timmy ansible_host=192.168.1.10
allegro ansible_host=192.168.1.11
ezra ansible_host=192.168.1.12
[fleet_agents:vars]
ansible_user=hermes
ansible_python_interpreter=/usr/bin/python3
Reference in New Issue View Git Blame Copy Permalink