Limits and Guarantees
Operational limits for tokens and lease workflows. Keep callers inside these envelopes and validate behavior with load and replay tests before production promotion.
| Dimension | Current Value | Notes |
|---|---|---|
| User API token TTL | default 10m, min 1m, max 15m | MintUserApiToken |
| Workload broker token TTL | default 10m, min 1m, max 15m | ExchangeWorkloadToken |
| Credential lease TTL | default 5m, max 60m | CreateCredentialLease |
| Credential lease redemptions | default 1, max 10 | CreateCredentialLease |
| SPIFFE challenge lifetime | ~5m | BeginSpiffeBootstrap / CompleteSpiffeBootstrap |
Availability Guarantees
- Public docs explorer serves public endpoints only.
- Private workflows require explicit role and scope gates.
- Replay-protected proofs are mandatory for sensitive lease calls.
Rate-Control Expectations
- Apply per-principal and per-tenant throttles at the edge.
- Use jittered backoff for transient failures.
- Alert on denial spikes, replay attempts, and issuance bursts.
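
A caller-side guard for the TTL and redemption envelopes in the table, combined with a jittered backoff schedule that stops before the credential expires. This is an added example, not code from this project. The function names, the lower bound of 1 on redemptions, and the `base`, `cap` and `max_attempts` values are assumptions.

```python
import random

# (default, min, max) TTL in seconds, copied from the limits table on this page.
# min is None where the page states no minimum.
TTL_LIMITS = {
    "MintUserApiToken": (600, 60, 900),
    "ExchangeWorkloadToken": (600, 60, 900),
    "CreateCredentialLease": (300, None, 3600),
}
MAX_LEASE_REDEMPTIONS = 10  # documented max; documented default is 1


def check_ttl(operation, requested=None):
    """Return the TTL to send; reject out-of-envelope values before the call."""
    default, lo, hi = TTL_LIMITS[operation]
    if requested is None:
        return default
    if isinstance(requested, bool) or not isinstance(requested, int):
        raise ValueError("TTL must be an integer number of seconds")
    if requested <= 0 or requested > hi or (lo is not None and requested < lo):
        raise ValueError(f"{operation}: TTL {requested}s outside documented envelope")
    return requested


def check_redemptions(requested=1):
    """Lease redemption count; the lower bound of 1 is an assumption."""
    if isinstance(requested, bool) or not isinstance(requested, int):
        raise ValueError("redemptions must be an integer")
    if not 1 <= requested <= MAX_LEASE_REDEMPTIONS:
        raise ValueError(f"redemptions {requested} outside 1..{MAX_LEASE_REDEMPTIONS}")
    return requested


# base, cap and max_attempts are assumed values, not taken from the page.
def backoff_schedule(ttl_seconds, base=0.5, cap=30.0, max_attempts=8, rng=None):
    """Full-jitter retry delays whose total never outlives the credential."""
    rng = rng or random.Random()
    delays, elapsed = [], 0.0
    for attempt in range(max_attempts):
        delay = rng.uniform(0, min(cap, base * 2 ** attempt))
        if elapsed + delay > ttl_seconds:
            break  # the token or lease would be expired; re-issue instead
        delays.append(delay)
        elapsed += delay
    return delays


if __name__ == "__main__":
    ttl = check_ttl("CreateCredentialLease", 120)
    print(ttl, check_redemptions(3), backoff_schedule(ttl, rng=random.Random(7)))
```

Rejecting an out-of-envelope request locally keeps it from showing up as a server-side denial, which keeps the denial-spike alert meaningful.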