
AI coding agents and secrets: what governance gap are teams missing?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9079
Topic starter  

TL;DR: AI coding agents need credentials to write, execute, and prepare code for production, but secrets placed in prompts, .env files, or repositories remain easy to exfiltrate and hard to govern, according to 1Password. The real issue is not just secret storage but the assumption that access can stay visible and reviewable once an agent is executing at runtime.

NHIMG editorial — what this means for NHI practitioners

Questions worth separating out

Q: How should security teams handle credentials used by AI coding agents?

A: Security teams should keep credentials outside the agent context and issue them only for the task that needs them.

Q: Why do AI coding agents complicate secrets management?

A: AI coding agents complicate secrets management because they combine prompting, execution, and environment setup in one workflow.

Q: What breaks when secrets are placed inside model context?

A: What breaks is the assumption that a secret stays visible only to the authorised process.

Practitioner guidance

  • Separate orchestration from custody: keep coding agents able to request actions without exposing raw secrets in prompts, terminals, or repositories.
  • Review every workflow that still depends on .env files: map which development and deployment flows still rely on shared environment files, hardcoded values, or copied secrets.
  • Treat agent approval as part of the identity control path: make explicit user approval, request validation, and scoped task authorisation part of the access decision rather than an informal developer step.

What's in the full announcement

1Password's full analysis covers the operational detail this post intentionally leaves for the source:

  • Step-by-step workflow for connecting Codex to a local MCP server and 1Password Environments
  • Concrete examples of how variables are injected at runtime without exposing raw secret values
  • Developer-facing guidance for scanning repositories for plaintext secrets and replacing them with secure references
  • Practical setup details for extending the same environment pattern from local development to staging and production

👉 Read 1Password's analysis of Codex access to secrets and runtime injection →

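As an added example (not 1Password's code and not part of the post), here is the orchestration/custody split described above in Python: the agent submits a task request, a broker checks it against a task policy and an explicit user approval, resolves secret references from a vault into the child process environment only, and hands back only redacted output. The in-memory vault, the policy, the task name and the `ref://` reference scheme are all constructed assumptions.

```python
import os
import subprocess
import sys
from dataclasses import dataclass

# Constructed in-memory vault standing in for a real secrets manager:
# keys are secret references, values are raw secrets the agent must never see.
VAULT = {"ref://ci/deploy-token": "tok_constructed_ABC123"}

# Constructed task policy: the only command the broker will run for a task,
# the only env vars it may receive (as references), and whether explicit
# user approval is required before access is granted.
POLICY = {
    "deploy-check": {
        "env": {"DEPLOY_TOKEN": "ref://ci/deploy-token"},
        "argv": [sys.executable, "-c",
                 "import os; print('token length', len(os.environ['DEPLOY_TOKEN']))"],
        "needs_approval": True,
    },
}

@dataclass
class AgentRequest:
    task: str              # task the agent wants run; must exist in POLICY
    approved_by: str = ""  # explicit user approval recorded by the harness

def redact(text: str) -> str:
    """Mask any raw secret value that leaks into child output."""
    for raw in VAULT.values():
        text = text.replace(raw, "[REDACTED]")
    return text

def broker_run(req: AgentRequest) -> str:
    """Access decision plus execution; the agent only ever sees redacted output."""
    task = POLICY.get(req.task)
    if task is None:
        raise PermissionError(f"task {req.task!r} is not an authorised task")
    if task["needs_approval"] and not req.approved_by:
        raise PermissionError(f"task {req.task!r} requires explicit user approval")
    # References are resolved only now, only for this task, and only into the
    # child's environment: never into the prompt, a terminal, or a repository.
    child_env = dict(os.environ)
    for var, ref in task["env"].items():
        child_env[var] = VAULT[ref]
    proc = subprocess.run(task["argv"], env=child_env, capture_output=True, text=True)
    return redact(proc.stdout + proc.stderr)

if __name__ == "__main__":
    print(broker_run(AgentRequest("deploy-check", approved_by="alice")))
```

The agent-visible result is the child's output with any raw vault value masked; an unapproved or unlisted task is refused before any reference is resolved.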



(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8508
 

Secrets-in-context is a trust failure, not just a storage problem. The article describes a workflow where coding agents can act on systems without ever being given raw secret values, which is the right boundary for this class of identity. Once credentials enter prompts, terminals, or repositories, the trust model collapses into uncontrolled exposure paths that normal secrets tooling was not designed to govern. Practitioners should treat model context as an untrusted execution surface, not a credential container.

A few things that frame the scale:

  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
  • Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.

A question worth separating out:

Q: Who should own access decisions for AI agent secrets?

A: Access decisions should be owned by the identity and security function, with approval tied to the task and the actor's scope, not left implicit inside the developer workflow. That gives teams a way to preserve oversight while still supporting automation. If approval is unclear, the secret will drift into places that governance cannot reliably inspect.

👉 Read our full editorial: Codex access to secrets exposes the limits of agent governance


