Subscribe to the Non-Human & AI Identity Journal

Self-Custody

Self-custody is an identity and asset model where the user, not a central provider, holds the credentials that control access. It improves control and portability, but it also means lost credentials can become unrecoverable unless backups and emergency paths are designed in advance.

Expanded Definition

Self-custody is a control model in which the person or system operator holds the credentials, keys, or recovery material needed to prove identity and authorize access, rather than relying on a central issuer or hosted wallet provider. In NHI and agentic AI environments, the term is used most often where keys, certificates, or token-signing material must remain portable across infrastructure, cloud accounts, or tools. That portability is useful, but it also shifts the security burden onto the holder, including backup design, revocation planning, and secure storage. Guidance varies across vendors on whether self-custody includes delegated recovery, shared custody, or threshold schemes, so the operational boundary should be stated explicitly. For governance, self-custody should be evaluated alongside identity lifecycle controls, not treated as a purely technical preference. The most common misapplication is equating self-custody with resilience when the required recovery path is missing or untested.

For baseline identity and access principles, the NIST Cybersecurity Framework 2.0 is a useful reference point for control ownership and recovery planning.

Examples and Use Cases

Implementing self-custody rigorously often introduces recovery complexity, requiring organisations to weigh user autonomy against the operational cost of lost-key events and manual restoration.

  • An engineer stores signing keys in a hardware-backed device and keeps offline recovery material so service deployments can continue if the primary device fails.
  • A team managing machine identities uses self-custodied certificates for internal services, then pairs them with documented rotation and emergency revocation steps.
  • An AI agent retains its own API key material under operator control, which reduces dependency on a central broker but demands strict escrow and access logging.
  • A decentralized identity workflow lets a user move credentials between platforms without reissuing them from a vendor, improving portability across ecosystems.
  • Security teams review self-custody design against NHI lifecycle guidance in the Ultimate Guide to NHIs and compare it with the recovery and assurance concepts described in the NIST Cybersecurity Framework 2.0.

In practice, self-custody appears in service account key management, wallet-based identity, certificate ownership, and agent authorization patterns where a central provider should not hold unilateral control over access.

Why It Matters in NHI Security

Self-custody matters because it can remove single-provider dependency while creating a single-holder failure mode if the credential is lost, exposed, or rotated without coordination. In NHI security, that risk is amplified by the scale of machine identities and the speed at which secrets spread across code, CI/CD, and runtime systems. NHI Mgmt Group reports that 96% of organisations store secrets outside secrets managers in vulnerable locations, and 73% of vaults are misconfigured, which means self-custodied material often ends up harder to govern than centrally issued credentials. The governance question is not whether the operator wants control, but whether the operator can preserve recovery, revoke access quickly, and prove custody boundaries across the full lifecycle. Self-custody should therefore be paired with backup, escrow, rotation, and emergency access procedures, especially where agentic systems can execute with broad authority. For broader NHI governance context, the Ultimate Guide to NHIs is a useful operational reference.

Organisations typically encounter the consequences of weak self-custody only after a lost device, compromised key, or failed migration, at which point access restoration becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Non-Human Identity Top 10 NHI-02 Covers secret and key handling risks central to self-custody.
NIST CSF 2.0 PR.AA-05 Addresses identity credential management and recovery for access continuity.
NIST Zero Trust (SP 800-207) Self-custody must still fit zero trust verification and least-privilege access.

Store, rotate, and recover self-custodied credentials under explicit NHI secret controls.