Long-lived agent secrets sit in YAML and never rotate.
Agent Protocol
The agent in your network speaks three mTLS channels to the platform — and never holds policy or makes decisions.
Trust
Identity has to be strong, traffic has to be cheap, and failure has to be graceful. BoltPipeline's agent integration uses mutual TLS end to end, lets the agent poll on adaptive cadence, and rotates certificates in place with a five-minute overlap so no in-flight request fails.
What it solves
Common problems this capability removes from your engineering workflow.
Compromised certs take hours to revoke under traditional models.
Server-pushed commands create fan-in bottlenecks at scale.
Network blips leave the warehouse in half-executed states.
How it works
The flow this capability runs end-to-end inside the platform.
- 1One bootstrap token sets up the agent and is single-use.
- 2Every request after bootstrap requires a mutual-TLS certificate.
- 3Certs rotate in place with a five-minute overlap window.
- 4Revocation hits a fast-path blocklist within milliseconds.
Related capabilities
Other capabilities in the BoltPipeline platform that work alongside this one.
6Agent &
Agent Runtime
A stateless executor near your warehouse runs orchestration, profiling, and cataloging with six reliability primitives.
6Agent &Cloud-Agnostic Agent
The same container runs on AWS, Azure, GCP, or a laptop — two volume mounts and one URL is the entire contract.
5Security &Token Blocklist
When you press the revoke button, the stolen credential stops working in milliseconds — not in thirty minutes.
See it on your data.
Try BoltPipeline against your live database — your data never leaves your environment.