
Getting started: Trust3 AI inventory and Run Collector

This tutorial walks you through loading AI asset inventory into Trust3 AI Governance using the AI Assets Collector (Run Collector). With the stack running, the collector ingests on a schedule (every 15 minutes in the current release), and Trust3 can show agents, identities, and relationships across the platforms you connect—so governance, risk, and platform teams share one source of truth instead of spreadsheets.

Before you begin

  • If you have not signed up yet, open Trust3 Cloud and create an account.
  • You need Docker and Docker Compose on the machine where the collector will run.
  • Decide whether you will collect from Databricks, Microsoft Azure / Power Platform, or both, then complete the matching prerequisite guide before you fill in .env.

Overview

After you can sign in to Trust3 Cloud, you will:

  1. Understand what AI inventory means in Trust3
  2. Complete platform prerequisites (Databricks and/or Azure)
  3. Download docker-compose.yml and create a .env file
  4. Run the collector with Docker Compose and confirm logs
  5. Review inventory in the Trust3 portal (dashboard / agent views as enabled for your tenant)

For a compact checklist and variable reference, keep Run Collector open in another tab.


Step 1: What is Trust3 AI inventory?

AI inventory is the normalized catalog of AI-related assets the collector discovers in your platforms—agents, endpoints, Genie spaces, Copilot-related objects, and their links to identities (owners, invokers, service principals). Trust3 AI Governance uses that inventory for visibility, policy checks, and audit evidence.

The AI Assets Collector is a Docker-based collector you run on your side. It calls vendor APIs with credentials you supply, then ingests results into Trust3 using AI_GOVERNANCE_API_KEY (when your deployment requires it).


Step 2: Platform prerequisites

Configure access in the upstream platform before you put secrets in .env.

If you collect from…      Follow this guide
Databricks                Databricks prerequisites — workspace URL, personal access token (PAT), environment naming
Azure / Power Platform    Azure prerequisites — Microsoft Entra app registration, secrets, Power Platform app user, least-privilege roles

You can enable one or both collectors; leave unused variables blank or omit them in .env.


Step 3: Download docker-compose.yml and create .env

  1. Create a directory on your machine (for example ai-assets-collector/).

  2. Download docker-compose.yml into that directory. From this tutorial page you can use the same file as the Run Collector guide:

Download docker-compose.yml

  3. In the same directory, create a file named .env.

  4. Add the variables your deployment needs. Start from this template and set values from Step 2 and from your Trust3 AI Governance API key (if applicable):

Bash
DATABRICKS_HOST=https://your-workspace.cloud.databricks.com
DATABRICKS_TOKEN=
DATABRICKS_ENVIRONMENT_NAME=(dev/test/prod/stage)

AZURE_TENANT_ID=
AZURE_CLIENT_ID=
AZURE_CLIENT_SECRET=

AI_GOVERNANCE_API_KEY=

See the full variable table in Run Collector (section Environment variables (for .env)).
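
A pre-flight check for the .env file created in this step, as an added example that is not part of Trust3's tooling: it confirms the file is not accessible to group or others, that each platform's variables are either all set or all blank, and that DATABRICKS_HOST uses HTTPS. The function names are hypothetical, and the check assumes each platform needs all three of its template variables.

```shell
#!/bin/sh
# Pre-flight check for the collector's .env (added example; not Trust3 tooling).

get_var() {  # get_var KEY FILE: print KEY's value without sourcing the file
  sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d '\r'
}

group_state() {  # group_state FILE KEY...: prints unset, complete or partial
  gs_file=$1; shift
  gs_total=$#; gs_set=0
  for gs_key in "$@"; do
    if [ -n "$(get_var "$gs_key" "$gs_file")" ]; then gs_set=$((gs_set + 1)); fi
  done
  if [ "$gs_set" -eq 0 ]; then echo unset
  elif [ "$gs_set" -eq "$gs_total" ]; then echo complete
  else echo partial; fi
}

check_env() {  # check_env FILE: returns 0 only if every check passes
  ce_file=$1; ce_rc=0
  # The file holds secrets: group and other permission bits must all be clear.
  if [ "$(ls -ld "$ce_file" | cut -c5-10)" != "------" ]; then
    echo "FAIL: $ce_file is group/world accessible; run: chmod 600 $ce_file" >&2; ce_rc=1
  fi
  ce_dbx=$(group_state "$ce_file" DATABRICKS_HOST DATABRICKS_TOKEN DATABRICKS_ENVIRONMENT_NAME)
  ce_az=$(group_state "$ce_file" AZURE_TENANT_ID AZURE_CLIENT_ID AZURE_CLIENT_SECRET)
  # Assumption: a platform needs all three of its template variables.
  if [ "$ce_dbx" = partial ]; then echo "FAIL: Databricks variables partly set" >&2; ce_rc=1; fi
  if [ "$ce_az" = partial ]; then echo "FAIL: Azure variables partly set" >&2; ce_rc=1; fi
  if [ "$ce_dbx" = unset ] && [ "$ce_az" = unset ]; then
    echo "FAIL: no platform configured" >&2; ce_rc=1
  fi
  # The PAT is sent to this host, so refuse anything that is not HTTPS.
  if [ "$ce_dbx" != unset ]; then
    case $(get_var DATABRICKS_HOST "$ce_file") in
      https://*) ;;
      *) echo "FAIL: DATABRICKS_HOST must start with https://" >&2; ce_rc=1 ;;
    esac
  fi
  return "$ce_rc"
}
# Usage, once the functions are defined: check_env .env && docker compose up -d
```

The values are read with sed rather than by sourcing the file, so nothing in .env is executed by the check.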


Log in to the Trust3 AI Docker repository

To log in to the Trust3 AI Docker repository, use the following command. Replace <CONTAINER_REGISTRY_HOST> with the production container registry hostname supplied by your Trust3 account team or Trust3 AI Support (do not use internal development registry hostnames in published workflows).

Bash
docker login <CONTAINER_REGISTRY_HOST> -u trust3

When prompted for a password, enter your API key. You can obtain the API key and the correct registry hostname from the Trust3 AI Support Team.


Step 4: Run the collector with Docker Compose

  1. Open a terminal and cd into the directory that contains docker-compose.yml and .env.

  2. Start the collector (detached):

    Bash
    docker compose up -d
    
  3. Stream logs to confirm the collector is healthy. While the stack is up, collection runs on a schedule (every 15 minutes in the current release):

    Bash
    docker compose logs -f trust3-ai-assets-collector
    
  4. Tear down when you are finished:

    Bash
    docker compose down
    

If the logs show authentication or permission errors, revisit the Databricks or Azure guide and confirm tokens, secrets, and app roles.


Step 5: Review inventory in Trust3

Sign in to Trust3 Cloud and open the AI Governance areas your tenant provides (for example agent inventory, dashboard, or GIA, depending on product configuration). You should see new or updated assets that match the platforms you connected.

If inventory does not appear after a successful run, confirm AI_GOVERNANCE_API_KEY and endpoint settings with your Trust3 administrator, and re-run the collector after fixes.


Next steps