Secure agent access to internal resources
Autonomous agents now query databases, call internal APIs, and update your CRM, reaching private systems never meant to be public. Instead of broad credentials or open firewall ports, NetBird gives each agent its own network identity and lets it reach only what policy allows.

One network for every internal resource
Agents connect over encrypted tunnels to the exact systems they need, and nothing else on the network is reachable.
Databases
Postgres, MySQL, Mongo, and managed cloud databases, reachable without public exposure.
Internal web servers & APIs
Private HTTP APIs, internal dashboards, and backend services.
CRMs & business apps
Self-hosted or private-network CRMs, ERPs, and line-of-business tools.
Staging & infrastructure
Staging environments, message queues, caches, and admin tooling.
How it works
Give the agent its own identity
Run the NetBird client alongside your agent, as a sidecar or on the same host. It joins your network as its own peer with its own identity, not a shared service account that everything reuses.
Scope it with policy
Put the agent in a group and write a policy: this agent reaches only the database and the CRM API. Everything else on the network isn't even routable to it.
Connect over encrypted tunnels
The agent reaches each resource through direct peer-to-peer WireGuard tunnels. Internal systems stay private with no public ingress, and traffic is encrypted end to end across cloud, on-prem, and hybrid.
Audit and revoke instantly
Every connection is logged with the agent's identity. Tighten a policy or pull the agent from its group and its access drops within seconds, containing a misbehaving or compromised agent on the spot.
Why it matters
Scoped to exactly what it needs
Access is default-deny: an agent can reach only the destinations its policy allows. No broad network access, no standing credentials waiting to be over-scoped or leaked.
Nothing exposed to the internet
Internal databases, APIs, and apps stay off the public network. Agents reach them through private tunnels, not open ports or forwarded firewalls.
Identity on every connection
Each agent carries its own identity, so access logs name the agent, not an anonymous shared account, for real attribution and forensics.
Instant containment
If an agent goes rogue or is compromised, remove it from its group and it's cut off from every resource at once, with no credential hunt.