TL;DR: Developer secrets stored in code, local machines, and CI/CD pipelines create a growing blind spot as AI agents and machine identities increase credential use, according to 1Password. The governance gap is that high-privilege access is hard to track, revoke, or contain when workflows outpace manual controls.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams govern developer secrets in modern engineering workflows?
A: Security teams should govern developer secrets as lifecycle-managed non-human identities.
Q: Why do developer credentials become a blind spot for IAM and PAM teams?
A: Developer credentials become a blind spot because they are distributed across places that traditional access reviews do not fully cover, including code, local machines, and CI/CD systems.
Practitioner guidance
- Inventory developer secret locations across the full workflow: Catalogue secrets in code repositories, local developer machines, CI/CD pipelines, and shared tooling so you know where credentials can actually be used or leaked.
- Apply lifecycle governance to developer credentials: Define issuance, rotation, review, and retirement rules for API keys, SSH keys, and tokens the same way you would for other privileged non-human identities.
- Separate human login from machine access paths: Use distinct controls for engineer authentication and for secret-bearing automation so one compromised workstation does not automatically expose pipeline or application access.
What to expect at the briefing
1Password's full webinar covers the operational detail this post intentionally leaves for the source:
- How 1Password's developer tools fit into existing engineer workflows without changing day-to-day access patterns
- What features are already available for securing developer credentials inside the 1Password deployment
- How the demo handles adoption, rollout, and workflow disruption concerns for engineering teams
- What the path to fuller developer credential security looks like inside the product environment
Developer secrets and AI agents: what changes for IAM teams?