AI Pilot — Upstream Auth (LLM providers)
Audience: Platform engineers, security architects Time: ~8 min read
AI Pilot manages credentials and authorization to your AI/LLM providers at the bouncer. Application code never holds API keys; the bouncer presents the right credential to each provider, rotates it, and adds OAuth2/OIDC scopes when required.
Supported auth types per provider
| Provider | API key | OAuth2 / OIDC | AWS SigV4 | Azure AD | Notes |
|---|---|---|---|---|---|
| OpenAI | yes | optional | n/a | n/a | OAuth2 supported via partner workspace SSO |
| Azure OpenAI | yes | yes (Azure AD) | n/a | yes | Azure AD recommended |
| Anthropic | yes | optional | n/a | n/a | |
| AWS Bedrock | n/a | n/a | yes | n/a | SigV4 with role chaining |
| Google Vertex AI | n/a | yes (Google OIDC) | n/a | n/a | Workload Identity Federation supported |
| OpenAI-compatible self-hosted | yes | yes | optional | optional | Works with any RFC 6749 server |
Configure in PAP
Open Settings -> AI Pilot -> Upstream Auth and add one entry per provider you registered as a resource:
| Field | Description |
|---|---|
| Provider | OpenAI / Azure OpenAI / Anthropic / Bedrock / Vertex / Custom |
| Auth type | api_key / oauth2 / oidc / aws_sigv4 / azure_ad |
| Credential ref | Name of the Kubernetes Secret or external secret manager entry |
| MFA required | Enforce MFA on caller side before token can be used |
| Scopes | OAuth2 scopes (read/write/admin/embeddings/fine-tuning/etc.) |
| Token endpoint | OAuth2 token URL (for oauth2) |
| Issuer | OIDC issuer URL (for oidc) |
| Refresh policy | pre-expiry (default), lazy, proactive |
| Audit on rotate | Emit AI_PROVIDER_TOKEN_ROTATED audit events |
The compiler emits a BackendSecurityPolicy (or AIGatewayUpstreamAuth for OAuth2/OIDC) referencing the secret. The bouncer rotates tokens automatically and never logs them.
Why this matters
- Eliminates API keys in app code. Apps call the bouncer endpoint with their own identity; the bouncer adds the provider credential.
- Enables MFA-aware AI. Step-up auth can be required for premium models or sensitive tools.
- Lets you rotate provider keys without redeploying apps.
- Captures every credential rotation in the audit log with an SIEM-bound event.
- Pairs cleanly with mTLS so identity flows from the user, through the bouncer, to the provider in a single chain.
OAuth2 / OIDC walk-through
Click to enlarge
The bouncer caches the access token (in the optional Redis cache when configured) and refreshes per the chosen policy.
Examples
Azure OpenAI with Azure AD
provider: azure-openai
auth_type: azure_ad
credential_ref: azure-openai-sp
scopes:
- https://cognitiveservices.azure.com/.default
mfa_required: false
refresh_policy: pre-expiry
Bedrock with SigV4 (role chaining)
provider: bedrock
auth_type: aws_sigv4
credential_ref: bedrock-irsa-role
mfa_required: true
audit_on_rotate: true
Self-hosted OpenAI-compatible with OIDC
provider: custom-openai
auth_type: oidc
credential_ref: internal-llm-oidc
issuer: https://idp.internal.example.com
scopes:
- llm:read
- llm:invoke
refresh_policy: pre-expiry