
MCP gateways and AI agent secrets sprawl: are controls keeping up?


(@nhi-mgmt-group)

TL;DR: AI agent stacks centralised through MCP can move credentials out of developer laptops and into the platform database, creating a new secrets sprawl and auditability problem as enterprises connect hundreds or thousands of upstream services, according to 1Password. Runtime resolution keeps secrets in the vault until needed, but governance now hinges on the control point, not the agent alone.

NHIMG editorial — based on content published by 1Password: MCP gateway credential governance for AI agents

By the numbers:

Questions worth separating out

Q: How should security teams handle secrets in MCP gateways for AI agents?

A: Security teams should keep the raw secret in the vault and let the MCP gateway resolve only a reference at runtime.

Q: Why do MCP platforms create new identity risk for AI agents?

A: MCP platforms can become a second secrets store if they centralise upstream credentials outside the vault.

Q: How do you know if runtime secret resolution is actually working?

A: You should see reference-only storage, successful live resolution at connection time, and rotation propagation without manual reconfiguration.

Practitioner guidance

  • Keep raw credentials in the vault: Require the MCP platform to store only a reference, such as op://, and resolve the live value at request time.
  • Audit the control plane as part of NHI governance: Review every MCP gateway as if it were a credential broker.
  • Standardise runtime injection patterns: Use one approved pattern for headers, token fields, and connector inputs so AI builders do not improvise with plaintext overrides or one-off secret handling.

What's in the full article

1Password's full article covers the operational detail this post intentionally leaves for the source:

  • Step-by-step op:// reference handling for MCP server credential fields and transport headers
  • Runtime resolution mechanics using the 1Password SDK and the Runlayer proxy layer
  • Hash-based rotation detection and audit events for secret fetch and rotation
  • Future-oriented details on coordinated rotation, agent identity lifecycle, and OAuth token support

👉 Read 1Password's analysis of MCP gateway credential governance for AI agents →

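An added example, not part of either post and not 1Password's or Runlayer's code: one way to check the "reference-only storage" signal from the thread is to walk an exported gateway configuration and flag any credential field whose stored value is not an op:// reference. The config layout, field names and sample values are assumptions constructed for illustration.

```python
import re

# 1Password secret reference form: op://<vault>/<item>/[<section>/]<field>
OP_REF = re.compile(r"^op://[^/]+/[^/]+(/[^/]+){1,2}$")
# Key names treated as credential-bearing (assumed naming convention)
SENSITIVE = re.compile(r"(authorization|token|secret|password|api[-_]?key)", re.I)


def audit(node, path=""):
    """Return (path, verdict) for every credential-bearing field in a config tree."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if isinstance(value, str) and SENSITIVE.search(key):
                # Strict policy: the stored value must be a reference and nothing
                # else, so "Bearer op://..." style mixes are reported as well.
                verdict = "reference" if OP_REF.match(value) else "RAW_VALUE"
                findings.append((here, verdict))
            else:
                findings.extend(audit(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(audit(item, f"{path}[{i}]"))
    return findings


def raw_secrets(config):
    """Paths of credential fields that hold something other than a reference."""
    return [p for p, verdict in audit(config) if verdict == "RAW_VALUE"]


# Constructed sample export (hypothetical schema, placeholder values)
SAMPLE = {
    "servers": [
        {"name": "tickets",
         "headers": {"Authorization": "op://platform/tickets-api/credential"}},
        {"name": "billing",
         "headers": {"X-Api-Key": "EXAMPLE-PLAINTEXT-KEY"}},
        {"name": "wiki",
         "env": {"WIKI_TOKEN": "op://platform/wiki/api/token", "REGION": "eu"}},
    ]
}

if __name__ == "__main__":
    for field_path, verdict in audit(SAMPLE):
        print(f"{verdict:10} {field_path}")
```

Run against a real export, any RAW_VALUE line marks a field where the gateway, not the vault, is holding the credential.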
(@mr-nhi)
 

Secrets moved into the MCP platform create identity blast radius, not just convenience. The centralised gateway model solves developer friction, but it also turns the control plane into a high-value secrets repository if raw credentials are stored there. That is an NHI governance problem, because the platform becomes both broker and custodian of machine access. Practitioners should treat any design that stores credentials outside the vault as an expansion of blast radius, not an optimisation.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: Who should own governance when an MCP gateway issues credentials to AI agents?

A: Ownership should sit with the identity and platform security teams together, because the gateway is part of the credential lifecycle. The secret broker, vault, and audit trail need one governance model. If ownership is split, policy gaps emerge where no team can prove who changed access, when it changed, or where the secret lived.

👉 Read our full editorial: MCP gateways create a new secrets sprawl problem for AI agents



   