Safeguard
Product

Set It and Forget It: Onboarding the Guard SDK Just Got a Lot Simpler

Generate a secret key from Settings, drop it into the Guard SDK, and your live security policy is enforced automatically — no manual wiring, no restarts when policy changes. OAuth login is available too.

Safeguard Team
Product
3 min read

If you've ever wired a security library into an agent or MCP server, you know the drill: pull the right config, map it to your policy, redeploy, and hope nothing changes before you get around to updating it again. We wanted onboarding the Guard SDK to feel nothing like that. So we changed it.

As of today, getting Guard running inside your own AI agent or MCP server takes about as long as it takes to read this sentence: generate a secret key from Settings, pass it to the SDK, and you're done. From there, the SDK handles the rest.

Generate a key, not a config file

Head to Settings in your Safeguard account and generate a secret key. That's the entire setup step on our side. No policy exports to manage, no environment-specific config to keep in sync across services — just a key.

Drop that key into the Guard SDK wherever you're embedding it, and the SDK authenticates and takes it from there.

Your policy, always current, automatically

This is the part we're most excited about: once the SDK is authenticated, it automatically pulls your live security policy in the background and starts enforcing it immediately. There's no separate step where you translate your policy into SDK configuration, and nothing to keep manually aligned between what you've defined in Safeguard and what your agent is actually enforcing.

And when you update your policy? You don't have to touch your agent or MCP server at all. Every SDK instance authenticated with your key picks up the change automatically — no redeploy, no restart, no waiting for someone to ship a new build. Change the policy once, and every place it's enforced updates itself.

That's the "set it and forget it" promise: configure the SDK once, and policy changes from then on are entirely your call, applied everywhere, on their own.

Prefer OAuth? We've got you.

Static keys aren't the right fit for every team. If you'd rather manage access through your existing identity provider instead of distributing a secret key, the Guard SDK now supports an OAuth-based login option as well. Authenticate through your identity provider, and access follows the same lifecycle as the rest of your connected tools — no separate key to rotate or revoke by hand.

Whichever path you choose, the enforcement experience is identical: your live policy, applied automatically, kept current without any extra work on your end.

Why this matters for agent and MCP server builders

AI agents and MCP servers move fast, and the tooling securing them shouldn't be the thing slowing you down. A security integration that requires a redeploy every time a policy changes is an integration that quietly falls out of date. We wanted the opposite: an SDK that's trivial to add and that stays correct on its own, so the policy your team defines is always the policy actually being enforced — in every agent, all the time.

Ready to try it? Generate a secret key from Settings and check out the Guard SDK docs to get it running in your agent or MCP server today.

Never miss an update

Weekly insights on software supply chain security, delivered to your inbox.