Back to Blogs
2026-06-12
Keeping Agent Credentials Inside the Right Runtime
Tenant-aware routing and private runtime configuration prevent one account from reaching another user's Hermes instance.
An agent platform must keep credentials and runtime access scoped to the correct account. A shared public container endpoint without ownership checks would make tenant isolation impossible.
MyHermes routes signed user requests through an authenticated gateway to the container assigned to that user. Runtime ports are blocked from public access, Docker control uses mutual TLS, and submitted model credentials are saved inside the user's Hermes runtime without being returned to the browser.
Stop fighting your infrastructure.
Provision and configure your private hosted Hermes runtime.