MCP gateways and AI agent secrets sprawl: are controls keeping up?


(@nhi-mgmt-group)

TL;DR: AI agent stacks centralised through MCP can move credentials out of developer laptops and into the platform database, creating a new secrets sprawl and auditability problem as enterprises connect hundreds or thousands of upstream services, according to 1Password. Runtime resolution keeps secrets in the vault until needed, but governance now hinges on the control point, not the agent alone.

NHIMG editorial — based on content published by 1Password: MCP gateway credential governance for AI agents

By the numbers:

Questions worth separating out

Q: How should security teams handle secrets in MCP gateways for AI agents?

A: Security teams should keep the raw secret in the vault and let the MCP gateway resolve only a reference at runtime.

Q: Why do MCP platforms create new identity risk for AI agents?

A: MCP platforms can become a second secrets store if they centralise upstream credentials outside the vault.

Q: How do you know if runtime secret resolution is actually working?

A: You should see reference-only storage, successful live resolution at connection time, and rotation propagation without manual reconfiguration.

Practitioner guidance

  • Keep raw credentials in the vault: Require the MCP platform to store only a reference, such as op://, and resolve the live value at request time.
  • Audit the control plane as part of NHI governance: Review every MCP gateway as if it were a credential broker.
  • Standardise runtime injection patterns: Use one approved pattern for headers, token fields, and connector inputs so AI builders do not improvise with plaintext overrides or one-off secret handling.

What's in the full article

1Password's full article covers the operational detail this post intentionally leaves for the source:

  • Step-by-step op:// reference handling for MCP server credential fields and transport headers
  • Runtime resolution mechanics using the 1Password SDK and the Runlayer proxy layer
  • Hash-based rotation detection and audit events for secret fetch and rotation
  • Future-oriented details on coordinated rotation, agent identity lifecycle, and OAuth token support

👉 Read 1Password's analysis of MCP gateway credential governance for AI agents →
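
One way to check the "reference-only storage" and "rotation propagation" signals from the Q&A and practitioner guidance above. This is an added example, not code from the original post, 1Password, or Runlayer. The connector schema, the sensitive field names, the `Bearer` prefix handling, and the `resolve` callable are assumptions, and the `op://` pattern only approximates the reference syntax.

```python
import hashlib
import re

# Approximation of the secret reference shape: op://vault/item/[section/]field
OP_REF = re.compile(r"^op://[^/\s]+/[^/\s]+(/[^/\s]+){1,2}$")
# Assumed names for credential-bearing fields in this sample schema
SENSITIVE = re.compile(r"(authorization|api[-_]?key|token|secret|password)", re.I)

def audit_connector(cfg, path=""):
    """Return paths of credential fields that hold a literal instead of an op:// reference."""
    findings = []
    for key, value in cfg.items():
        here = f"{path}.{key}" if path else key
        if isinstance(value, dict):
            findings += audit_connector(value, here)
        elif isinstance(value, str) and SENSITIVE.search(key):
            # Tolerate an auth scheme prefix such as "Bearer " before the reference
            candidate = value.split(" ", 1)[-1]
            if not OP_REF.match(candidate):
                findings.append(here)
    return findings

class RotationWatcher:
    """Keeps only a SHA-256 digest per reference in memory, never the resolved value."""
    def __init__(self, resolve):
        self.resolve = resolve  # hypothetical callable: reference -> live secret
        self.digests = {}

    def fetch(self, ref):
        value = self.resolve(ref)
        digest = hashlib.sha256(value.encode()).hexdigest()
        # A changed digest for a known reference means the vault value was rotated
        rotated = ref in self.digests and self.digests[ref] != digest
        self.digests[ref] = digest
        return value, rotated

# Constructed sample gateway config; all names and values are illustrative
SAMPLE = {
    "github": {"headers": {"Authorization": "Bearer op://agents/github-mcp/token"}},
    "billing": {"inputs": {"api_key": "constructed-plaintext-value", "region": "eu"}},
}

if __name__ == "__main__":
    print(audit_connector(SAMPLE))
```

A finding from `audit_connector` marks a field where the gateway has become a second secrets store; a `rotated` flag from `fetch` is the point at which an audit event for rotation would be emitted.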
