Access without exposure

A design pattern where an identity can perform a task or query data without receiving the underlying secret itself. For agentic workflows, this means brokering access at execution time, limiting data visibility, and preserving custody outside the model context so the secret remains revocable and auditable.

Expanded Definition

Access without exposure is an NHI control pattern in which an identity can execute a task, query a system, or retrieve a result without ever receiving the underlying secret. It is closely related to brokered authorization, delegated execution, and sealed custody of credentials, but the emphasis is on preventing secret disclosure to the caller, especially an AI agent or automated workflow.

In practice, the secret stays in a vault, broker, or execution boundary while the agent receives only the minimum artefact needed to complete the action. That may be a scoped token, a signed request, a short-lived assertion, or a one-time exchange handled at runtime. This approach aligns with least privilege and Zero Trust principles described in the OWASP Non-Human Identity Top 10, but definitions vary across vendors on how much visibility the agent should have into the request, response, or approval trail.

The key distinction is that the identity is allowed to act without becoming the custodian of the secret itself. The most common misapplication is giving the agent a reusable credential “for convenience,” which occurs when teams confuse execution authority with secret possession.
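
The broker flow described above, sketched as an added example (not code from the original page or from any vendor product): a broker keeps custody of the API key, hands the agent an opaque short-lived grant, signs the request at execution time, and returns only allow-listed fields. The names `Broker` and `fake_upstream`, the HMAC signing scheme, and the sample key are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

def sign(key: bytes, action: str, body: str) -> str:
    return hmac.new(key, f"{action}\n{body}".encode(), hashlib.sha256).hexdigest()

def fake_upstream(key: bytes, action: str, body: str, sig: str) -> dict:
    """Constructed stand-in for the SaaS API: verifies the signature, echoes extras."""
    if not hmac.compare_digest(sign(key, action, body), sig):
        return {"status": 401}
    return {"status": 201, "ticket_id": "T-1001", "request_sig": sig}

class Broker:
    """Custodian of the API key; callers only hold opaque, short-lived, scoped grants."""
    RETURN_FIELDS = ("status", "ticket_id")   # allow-list of what the caller may see

    def __init__(self, api_key: bytes, ttl: float = 60.0):
        self._api_key, self._ttl = api_key, ttl
        self._grants = {}    # grant -> (identity, scope, expiry)
        self.audit = []      # (identity, action, outcome); never the key or signature

    def issue_grant(self, identity: str, scope: str) -> str:
        grant = secrets.token_urlsafe(16)     # random handle, not derived from the key
        self._grants[grant] = (identity, scope, time.monotonic() + self._ttl)
        self.audit.append((identity, f"issue:{scope}", "ok"))
        return grant

    def revoke(self, identity: str) -> None:
        self._grants = {g: v for g, v in self._grants.items() if v[0] != identity}
        self.audit.append((identity, "revoke", "ok"))

    def execute(self, grant: str, action: str, body: str) -> dict:
        identity, scope, expiry = self._grants.get(grant, ("unknown", None, 0.0))
        if scope != action or time.monotonic() > expiry:
            self.audit.append((identity, action, "denied"))
            raise PermissionError("grant missing, expired, revoked or out of scope")
        # The key is used here, at execution time, and goes no further than this call.
        resp = fake_upstream(self._api_key, action, body, sign(self._api_key, action, body))
        self.audit.append((identity, action, "ok"))
        return {k: resp[k] for k in self.RETURN_FIELDS if k in resp}

if __name__ == "__main__":
    broker = Broker(api_key=b"constructed-demo-key")   # constructed sample key
    grant = broker.issue_grant("coding-agent", "ticket.create")
    print(broker.execute(grant, "ticket.create", "Build failed on main"))
    broker.revoke("coding-agent")
    print(broker.audit)
```

Revoking the identity or letting the grant expire cuts off access without rotating the underlying key, because the agent never held it.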

Examples and Use Cases

Implementing access without exposure rigorously often introduces orchestration and policy complexity, requiring organisations to weigh operational speed against stronger custody and revocation control.

  • An AI coding agent needs to open a ticket in a SaaS platform, but a broker signs the request at execution time so the API key never enters the model context.
  • A service account queries a database through a proxy that injects a short-lived token, preserving custody in a vault rather than distributing the secret to every workload.
  • A CI/CD pipeline deploys infrastructure using a federated identity exchange instead of storing long-lived cloud keys in the pipeline configuration, a pattern consistent with guidance in the Guide to the Secret Sprawl Challenge.
  • An autonomous agent requests a data extract through a policy engine that redacts fields before returning results, so the secret behind the request path stays outside the agent’s memory and logs.
  • A support automation tool rotates a certificate through a vault workflow and receives only a transient assertion needed for the next call, not the certificate material itself.

These patterns are especially relevant where runtime delegation is safer than persistent credential distribution. The Ultimate Guide to NHIs also shows that NHIs outnumber human identities by 25x to 50x, which makes secret handling at scale a governance problem, not just an engineering preference.

Why It Matters in NHI Security

Access without exposure reduces secret sprawl, narrows blast radius, and improves auditability when NHIs are compromised or over-permissioned. NHI Mgmt Group research shows that 79% of organisations have experienced secrets leaks, with 77% of those incidents causing tangible damage, which is why keeping secrets out of agent and workload memory is not a theoretical hardening measure but a practical containment control.

This matters most when automation is powerful enough to chain actions across systems. If an agent holds the secret directly, compromise of the agent, logs, prompt history, or execution trace can become equivalent to compromise of the protected resource. By contrast, access without exposure preserves revocation leverage and supports immediate containment through broker shutdown, token expiry, or policy update. The same Ultimate Guide to NHIs — Key Challenges and Risks links this problem to visibility gaps and excess privilege, while the OWASP Non-Human Identity Top 10 frames improper secret handling as a recurring control failure.

Organisations typically encounter the operational cost of this pattern only after a secret is leaked from logs, a model prompt, or a pipeline run, at which point adopting access without exposure becomes operationally unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Covers improper secret handling and secret sprawl in NHI workflows. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access control aligns with brokered, need-to-know NHI execution. |
| NIST Zero Trust (SP 800-207) | SC-4 | Zero Trust requires dynamic, contextual access instead of trusting credential possession. |

Enforce policy checks and runtime authorization so identities act without direct secret disclosure.