A persistent configuration layer that defines what an AI coding tool may do, what it must ask about, and what it cannot touch. For identity teams, this becomes the policy boundary that governs command execution, tool use, and exposure to sensitive paths.
Expanded Definition
Managed Settings are the persistent policy controls that shape how an AI coding tool behaves across sessions. They define what the tool may execute, what it must confirm before acting, and which repositories, commands, or data paths remain off limits. In NHI security, this is not just a developer convenience layer. It is a governance boundary for agentic execution, tool invocation, and exposure to credentials, secrets, and sensitive infrastructure.
Definitions vary across vendors, but the security intent is consistent: reduce unsupervised reach while preserving enough autonomy to make the tool useful. Managed Settings sit alongside guardrails such as approval prompts, workspace allowlists, and restricted write paths. They are closely related to zero trust principles in NIST Cybersecurity Framework 2.0, especially where execution authority must be constrained by policy rather than user intent alone. The most common misapplication is treating Managed Settings as cosmetic preferences, which occurs when organisations leave tool defaults in place and assume developers will self-restrict risky actions.
Examples and Use Cases
Implementing Managed Settings rigorously often introduces workflow friction, requiring organisations to weigh developer speed against the cost of tighter approval gates and narrower tool access.
- A coding assistant can read application code but must ask for confirmation before modifying CI/CD pipeline definitions or deployment scripts.
- The tool is allowed to suggest dependency updates, but it cannot touch secret stores or export environment variables from protected workspaces.
- Only approved repositories are accessible, while sensitive infrastructure code remains blocked by policy enforcement tied to the agent session.
- Managed Settings require explicit prompts before the assistant runs shell commands, reducing silent execution risk in shared environments.
- Teams align implementation with the lifecycle and governance guidance in the NHI Lifecycle Management Guide and with execution-boundary concepts in NIST Cybersecurity Framework 2.0.
For broader context, Top 10 NHI Issues highlights how overbroad access and weak governance create recurring exposure patterns in non-human identity programs.
Why It Matters in NHI Security
Managed Settings matter because AI coding tools often operate with enough access to become high-impact NHI-like actors: they can read secrets, invoke tools, and influence infrastructure if boundaries are weak. NHI Mgmt Group research shows that 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface. That same failure pattern appears when agentic tools inherit broad permissions without persistent controls. Managed Settings help convert informal trust into enforceable policy, which is essential for preventing accidental code changes, secret exposure, and unsafe command execution.
This becomes even more important in audit and governance discussions covered in Ultimate Guide to NHIs — Regulatory and Audit Perspectives, where persistent controls are easier to evidence than ad hoc reviewer judgment. Organisations should also map these settings to lifecycle and access review practices described in Ultimate Guide to NHIs — Lifecycle Processes for Managing NHIs. Organisations typically encounter the need for Managed Settings only after a coding agent has touched a protected path, leaked a secret, or attempted an unsafe deployment, at which point policy boundaries become operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | Agentic tools need persistent guardrails for tool use and command execution. | |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access supports persistent restrictions on what the tool can reach. |
| OWASP Non-Human Identity Top 10 | NHI-02 | Managed Settings reduce secret exposure and overbroad access patterns tied to NHI risk. |
Constrain agent actions with explicit approvals, allowlists, and blocked operations.