# How does Portainer secure connectivity to and from Agents and Edge Agents? **Agent** When an Agent is initially deployed, it listens for incoming connections and waits for a Portainer instance to claim it. To claim an Agent, a Portainer instance connects to the Agent, a handshake occurs, and keys are exchanged. A claimed Agent will allow only the Portainer instance that claimed it to manage it. Connections from any other Portainer instances will be rejected. If this claim process does not occur within 5 minutes of the Agent starting for the first time, the Agent will shut down and will need to be manually restarted in order to be claimed.There is also an optional AGENT\_SECRET environment variable. Using AGENT\_SECRET, the Agent will allow connections from any/all Portainer instances with matching AGENT\_SECRET environment variables. For this reason, AGENT\_SECRET needs to be set on the Portainer instance and the Agent instance at container run time. **Edge Agent** Because the Edge Agent is designed to run over insecure networks, there are two additional levels of protection. There is an mTLS implementation allowing the Edge Agent to present a client certificate to the Portainer instance. Portainer only allows Edge Agents to connect that have client certificates signed by the CA key installed in Portainer. Additionally, the Edge Agent has a unique key which is used to encode a revolving password that is changed every poll period.For an in-depth look at how the Edge Agent operates, see this in our [documentation](/advanced/edge-agent.md). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.portainer.io/faqs/getting-started/how-does-portainer-secure-connectivity-to-and-from-agents-and-edge-agents.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.