Codex credential access: what just-in-time controls change for teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9079
Topic starter  

TL;DR: AI-native development now hinges on ephemeral access design, not secret visibility alone, as 1Password says its Codex integration keeps secrets out of prompts, code, and model context by injecting credentials at runtime and limiting them to approved sessions.

NHIMG editorial — what this means for NHI practitioners

Questions worth separating out

Q: How should security teams handle credentials for coding agents without exposing secrets?

A: Use just-in-time delivery, keep credentials outside prompts and generated output, and bind access to the exact task the agent is performing.

Q: Why do coding agents create new NHI governance problems for IAM teams?

A: Coding agents behave like non-human identities that need real credentials to complete work, but they operate fast enough that traditional review cycles often lag behind their access needs.

Q: What breaks when secrets are allowed into model context windows?

A: Once a secret enters model context, it can be reproduced in prompts, logs, code suggestions, or other tool outputs.

Practitioner guidance

  • Define task-scoped secret issuance for coding agents: Issue credentials only for the duration of a specific build, test, or deployment task, then revoke them automatically when the session closes.
  • Keep secrets out of prompts and generated code: Block patterns that allow credentials to be copied into prompts, checked into repositories, or echoed into terminals.
  • Map agent workflows to explicit authorization boundaries: Document which databases, APIs, and deployment pipelines a coding agent may reach, and require approvals for any expansion beyond that boundary.

What's in the full announcement

1Password's full blog covers the operational detail this post intentionally leaves for the source:

  • The exact Codex workflow for runtime credential injection and approval handling
  • How the Environments MCP Server keeps secrets out of prompts, code, and model context
  • The vendor's explanation of how Unified Access is positioned across humans, AI agents, and machine identities
  • Implementation examples for replacing hardcoded credentials with vaulted references

👉 Read 1Password's analysis of Codex access and just-in-time credential delivery →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8508
 

Just-in-time secrets are becoming the baseline control for agentic development. The article reflects a wider shift in which coding agents are no longer treated as read-only assistants but as actors that need live credentials to complete work. That means static secret storage is increasingly misaligned with how software is now produced, especially when prompts, terminals, and repositories all become accidental disclosure channels. Practitioners should treat runtime credential delivery as the control boundary, not the vault alone.

A few things that frame the scale:

  • 24,008 unique secrets were exposed in MCP configuration files in 2025 alone, according to The State of MCP Server Security 2025.
  • 53% of MCP servers expose credentials through hard-coded values in configuration files, according to Astrix Security.

A question worth separating out:

Q: Should organisations give AI coding tools standing access to databases and APIs?

A: No, not if the same work can be done with task-scoped credentials. Standing access makes the blast radius larger than the actual task requires and creates persistence that outlives the workflow. The safer pattern is approval-bound, time-limited access that expires as soon as the coding task is complete.

👉 Read our full editorial: 1Password's Codex integration reframes just-in-time AI access
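An added example, not part of either post or of 1Password's integration: a check for the hard-coded MCP configuration credentials cited in the second post, which also serves the first post's guidance on replacing hardcoded credentials with vaulted references. It assumes the common `mcpServers` JSON layout (`command`, `args`, `env`), treats `op://` secret references and `${VAR}` placeholders as acceptable, and uses hypothetical key-name and flag patterns; the sample config is constructed.

```python
import json
import re

# Assumption: 1Password-style secret references look like op://vault/item/field,
# and ${VAR} placeholders are resolved by the launcher at runtime.
REFERENCE = re.compile(r"^(op://\S+|\$\{[A-Za-z_][A-Za-z0-9_]*\})$")
# Assumption: env key names that usually carry credentials.
SENSITIVE_KEY = re.compile(r"(key|token|secret|password|passwd|credential)", re.I)
# Hypothetical list of CLI flags whose value is usually a credential.
SENSITIVE_FLAG = re.compile(r"^--?(api[-_]?key|token|password|secret)$", re.I)


def find_hardcoded_secrets(config_text):
    """Return (server, location) pairs; values are never returned, so findings are safe to log."""
    findings = []
    servers = json.loads(config_text).get("mcpServers", {})
    for name, spec in servers.items():
        for key, value in (spec.get("env") or {}).items():
            if SENSITIVE_KEY.search(key) and value and not REFERENCE.match(str(value)):
                findings.append((name, f"env.{key}"))
        args = spec.get("args") or []
        for i, arg in enumerate(args):
            flag, sep, inline = str(arg).partition("=")  # handles --flag=value
            if SENSITIVE_FLAG.match(flag):
                value = inline if sep else (args[i + 1] if i + 1 < len(args) else "")
                if value and not REFERENCE.match(str(value)):
                    findings.append((name, f"args[{i}] {flag}"))
    return findings


# Constructed sample config (not from the page); every value is fake.
SAMPLE = json.dumps({
    "mcpServers": {
        "db-tools": {
            "command": "db-mcp",
            "args": ["--host", "db.example.internal", "--password", "hunter2-constructed"],
            "env": {"DB_API_TOKEN": "constructed-token-value", "LOG_LEVEL": "debug"},
        },
        "deploy": {
            "command": "deploy-mcp",
            "args": ["--token=op://dev/deploy/token"],
            "env": {"DEPLOY_API_KEY": "op://dev/deploy/api-key", "REGION_SECRET": "${REGION_SECRET}"},
        },
    }
})

if __name__ == "__main__":
    for server, location in find_hardcoded_secrets(SAMPLE):
        print(f"{server}: literal credential at {location}")
```

Run as a pre-commit or CI step, a non-empty result can fail the build before an agent configuration with literal credentials reaches the repository.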