OPS PLAYBOOK · 9 MIN · 7 June 2026 · By Hak Bahsoon

Fleet-deploying AI audit — the ops-team playbook.

Going from one developer's pip install agentaudit to coverage across an enterprise estate without manual touch on every host. SCCM, Intune, Ansible, Nomad — the patterns that actually work at fleet scale.

The first install is easy. The hundredth is where the cost shows up. Below is the deployment playbook we use with design partners moving from "one agent instrumented" to "every agent in the estate" without anyone touching a console. The patterns are intentionally boring — they're the same ones that worked for IDS and EDR rollouts a decade ago.

The three deploy surfaces.

AI agents land on three kinds of host: Linux, Windows and Kubernetes.

Each has its own deployment muscle memory; ignore that and you'll spend three months retrofitting instrumentation by hand.

Linux: ship through configuration management.

The right primitive is the bootstrap script wrapped in your existing Ansible / Chef / Puppet playbook. Two lines:

- name: Install Agent Audit
  shell: |
    curl -fsSL https://www.agentaudit.co.uk/install.sh | bash
  environment:
    AGENTAUDIT_API_KEY: "{{ vault_agentaudit_key }}"

The bootstrap is idempotent — re-running it updates the SDK and refreshes the env file. Put the key in your secrets vault, never check it into a repo. On the first run, the script sends a test receipt that flips the dashboard's install status to green within seconds.

For systemd-managed agents, the SDK reads the env file ~/.agentaudit/env automatically. No service file changes required.

Windows: the signed MSI plus SCCM / Intune.

The MSI is the only realistic Windows fleet primitive. We ship AgentAuditSetup-1.0.0-x64.msi code-signed with a DigiCert EV certificate so SmartScreen doesn't block it on first run. The product code and upgrade code are stable across versions for SCCM-side upgrade tracking.

Deploy command for SCCM:

msiexec /i AgentAuditSetup-1.0.0-x64.msi /quiet /norestart AGENTAUDIT_API_KEY="aa_live_..."

Intune: standard Win32 LOB app, install command above, uninstall by product code, detection by registry key at HKLM\Software\AgentAudit. We publish the product / upgrade GUIDs on the download page so your packaging team doesn't have to ask.

The signed MSI is currently in early access while we finalise the Authenticode reputation build-up; the public download lands Q3 2026. Design partners get the pre-release direct.

Kubernetes: SDK in the image, env from the secret.

For Python agents in containers, the SDK is a dependency in the image. Wire the API key from a Kubernetes Secret to the AGENTAUDIT_API_KEY environment variable.

env:
  - name: AGENTAUDIT_API_KEY
    valueFrom:
      secretKeyRef:
        name: agentaudit
        key: api_key

For non-Python stacks, deploy the Docker sidecar on the same pod and target the sidecar's local port from your agent code. The sidecar's ingestion path is identical to the SDK's.

Identity: SCIM does the user side.

Once the SDK is live, the dashboard needs to know who can see it. SCIM from Okta / Azure AD provisions users into the right tenant with the right role; SSO carries them through sign-in. No individual user provisioning by hand, no expired ex-employee accounts sitting in the dashboard for months.

Detail in the SCIM + SSO procurement checklist; setup at Settings → Identity.

One thing not to do.

Don't ask developers to embed the API key in source code, even with a "for now" caveat. The week after that decision is the week someone PRs the key to a public fork by accident. The bootstrap writes a per-host env file with mode 0600 (or current-user ACL on Windows); your secrets manager pushes the key to the host; the agent reads the env. Three-layer hygiene that scales without audit findings.
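
A fleet-side check for the hygiene described above, as an added example rather than Agent Audit's own tooling: it verifies that the env file is a regular file with mode 0600 owned by the agent's user, and scans a source tree for anything that looks like a live key. It assumes a POSIX host and that live keys carry the aa_live_ prefix seen in the MSI command; the key character set, minimum length and skipped directory names are guesses.

```python
import os
import re
import stat
import sys
from pathlib import Path

# Assumption: live keys start with the "aa_live_" prefix shown in the MSI command.
# The character class and minimum length after the prefix are guesses.
KEY_RE = re.compile(r"aa_live_[A-Za-z0-9_\-]{8,}")
SKIP_DIRS = {".git", "node_modules", ".venv", "__pycache__"}  # assumed noise dirs

def check_env_file(path):
    """Return findings for the per-host env file (empty list means OK)."""
    p = Path(path)
    try:
        st = p.lstat()  # lstat: do not follow a symlink planted at the path
    except FileNotFoundError:
        return [f"{p}: missing"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{p}: not a regular file"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & 0o077:
        findings.append(f"{p}: mode {mode:04o} grants group/other access, expected 0600")
    if st.st_uid != os.geteuid():
        findings.append(f"{p}: owned by uid {st.st_uid}, not the agent's uid {os.geteuid()}")
    return findings

def find_embedded_keys(root):
    """Walk a source tree and report file:line for anything shaped like a live key."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # prune in place
        for name in filenames:
            fp = Path(dirpath) / name
            try:
                text = fp.read_text(errors="ignore")
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            for lineno, line in enumerate(text.splitlines(), 1):
                if KEY_RE.search(line):
                    hits.append(f"{fp}:{lineno}")  # location only, never echo the key
    return sorted(hits)

if __name__ == "__main__":
    problems = check_env_file(Path.home() / ".agentaudit" / "env")
    problems += find_embedded_keys(sys.argv[1] if len(sys.argv) > 1 else ".")
    sys.exit("\n".join(problems) or 0)  # findings go to stderr with exit code 1
```

Run it from the same configuration-management job that runs the bootstrap, with the agent's checkout as the argument, so a non-zero exit fails the play.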

The first month, week by week.

The pieces are unremarkable on their own. The unlock is doing them in this order and resisting the temptation to skip from week 1 to week 4 because the developer who set up the first instrumentation is excited.
