Installing Protegrity Agent

Steps to install Protegrity Agent

To install the Protegrity Agent run the following command.

Installing Protegrity Agent

Before you begin

The my-values.yaml file must provide the OPENAI keys.

For OpenAI LLM endpoint, provide the following details. This is essential for the Agent to work. The my-values.yaml file should appear as mentioned below.

proagentService:
 
 secrets:
    # Main Endpoint
   OPENAI_API_ENDPOINT: ""
   OPENAI_API_KEY: ""
   OPENAI_API_VERSION: ""
   OPENAI_LLM_MODEL: ""
 
   # Embeddings 
   OPENAI_EMBEDDINGS_API_ENDPOINT: ""
   OPENAI_EMBEDDINGS_API_KEY: ""
   OPENAI_EMBEDDINGS_API_VERSION: ""
   OPENAI_EMBEDDING_MODEL: ""

For more information on additional configurations, refer to Configuring Protegrity Agent.

These values can be provided during installation with -f my-values.yaml.

Important: The current version of Protegrity Agent requires GPT 5.2 main endpoints and GPT 4o embeddings endpoint.

Installing Protegrity Agent

To install the Protegrity Agent, run the following command.

helm upgrade --install protegrity-agent \
oci://<container_registry_path>:9443/protegrity-agent/1.0/helm/protegrity-agent \
--set karpenterResources.nodeClass.amiId="<ami-id>" \
--version 1.0.0 \
--namespace pty-protegrity-agent \
--create-namespace \
-f my-values.yaml

Ensure that in the preceding command is replaced with a valid AMI ID for the AWS region in use.

The following table provides the list of AMI IDs

Region	AMI ID
ap-south-1	ami-07959c05dcdb79a72
eu-north-1	ami-0268b0bfff0f25d31
eu-west-3	ami-0ea9454aef60045a2
eu-west-2	ami-0d5eee57a6a1398a3
eu-west-1	ami-00a8d14029b60a028
ap-northeast-3	ami-0e495c3ffd416c65e
ap-northeast-2	ami-0fc18a24aec719c1c
ap-northeast-1	ami-00ec85b83bf713aac
ca-central-1	ami-03891f0d8b41eb296
sa-east-1	ami-0a30f044a5781b4e0
ap-southeast-1	ami-0ae51324bf2e89725
ap-southeast-2	ami-0ef7e8095b163dc42
eu-central-1	ami-00e36131a0343c374
us-east-1	ami-07e4e828a19159636
us-east-2	ami-0e486911b2d0a5f7e
us-west-1	ami-01183e1261529749e
us-west-2	ami-04f850c412625dfe6

Verifying Protegrity Agent installation

To verify whether the Protegrity Agent is successfully installed, run the following command:

kubectl get pods -n pty-protegrity-agent

The output should be similar to the following:

NAME                                             READY   STATUS    RESTARTS   AGE
database-statefulset-0                           1/1     Running   0          3m6s
protegrity-agent-db-backup-init-r1-n5bwl         1/1     Running   0          3m6s
protegrity-agent-deployment-7488c88f6d-rgclq     1/1     Running   0          3m6s
protegrity-agent-ui-deployment-c8f848d57-mrm4r   1/1     Running   0          3m6s

Creating Protegrity Agent Role and User

To use Protegrity Agent, a user must have certain roles. Run the following commands to create administrator role and user:

# Get Token
export GW_HOST="$(kubectl get gateway pty-main -n api-gateway -o jsonpath='{.status.addresses[0].value}')"
echo $GW_HOST

TOKEN=$(curl -k -s "https://$GW_HOST/pty/v1/auth/login/token" \
 -X POST \
 -H 'Content-Type: application/x-www-form-urlencoded' \
 -d "loginname=admin" \
 -d "password=Admin123!" \
 -D - -o /dev/null 2>&1 \
 | grep -i 'pty_access_jwt_token:' \
 | sed 's/pty_access_jwt_token: //' \
 | tr -d '\r') && echo "${TOKEN:0:10}"

# Create Admin Role
curl -sk -X POST "https://$GW_HOST/pty/v1/auth/roles" \
 -H "Authorization: Bearer $TOKEN" \
 -H "Content-Type: application/json" \
 -d '{
   "name": "agent_admin",
   "description": "Administrator role",
   "permissions": [
     "proagent_conversations_permission",
     "proagent_doc_permission",
     "proagent_health_permission",
     "proagent_liveness_permission",
     "proagent_log_permission",
     "proagent_readiness_permission",
     "proagent_responses_permission",
     "proagent_ui_permission",
     "proagent_version_permission",

     "workbench_certificate_export",
     "workbench_package_export_dynamic",
     "workbench_package_export_encrypted",
     "workbench_policy_manage",
     "workbench_policy_view",

     "insight_admin",
     "insight_viewer",

     "can_create_token"
   ]
 }'

# Create Admin User
curl -sk -X POST "https://$GW_HOST/pty/v1/auth/users" \
 -H "Accept: application/json" \
 -H "Authorization: Bearer $TOKEN" \
 -H "Content-Type: application/json" \
 -d '{
   "username": "agent_admin",
   "email": "agent_admin@example.com",
   "firstName": "Agent",
   "lastName": "Admin",
   "enabled": true,
   "password": "Admin123!",
   "roles": [
     "agent_admin"
   ]
 }'

For more information about managing Protegrity Agent different roles and users, including their creation, refer to Working with Roles.

Feedback

Was this page helpful?

Last modified : April 09, 2026