Test the replay path. A platform is not isolated if a secret created by one extension can be copied into another extension’s settings and still decrypt correctly. Also check whether decrypted values are exposed as environment variables or shared memory, because that reveals whether the runtime is enforcing actor boundaries or only encrypting files.
Why This Matters for Security Teams
Extension secret handling is only isolated if one extension cannot influence, observe, or reuse another extension’s decrypted material. That distinction matters because many platforms encrypt data at rest yet still collapse actor boundaries at runtime. If decrypted values land in shared memory, inherited environment variables, or a common process space, isolation is functionally absent even when the storage layer looks secure. The Ultimate Guide to NHIs notes that 96% of organisations store secrets outside of secrets managers in vulnerable locations, which is the same operational failure pattern seen when extensions handle secrets loosely.
Security teams often miss this because they validate encryption claims, not replay resistance. The more useful question is whether a secret can be copied into a second extension context and still decrypt correctly, because that reveals whether the platform binds secrets to an actor boundary or just protects a blob. The same issue shows up in extension ecosystems and supply chain compromises such as Hard-Coded Secrets in VSCode Extensions and Reviewdog GitHub Action supply chain attack, where secret exposure became a platform trust problem rather than a single coding mistake. In practice, many security teams discover weak isolation only after an extension-to-extension replay test has already succeeded in a live environment.
How It Works in Practice
Testing for isolation requires evaluating where decryption happens and what execution context receives the plaintext. A sound design usually binds the secret to a specific extension identity, a specific runtime, and a specific request path. A weak design decrypts once and then makes the plaintext broadly available to anything running in the same host process. That is why runtime boundaries matter as much as storage controls, and why guidance in the OWASP Non-Human Identity Top 10 and NIST SP 800-53 Rev 5 Security and Privacy Controls focuses on least privilege, compartmentalization, and controlled disclosure.
Practically, teams should verify three things:
- Replay resistance: a secret exported from Extension A should fail if imported into Extension B, even if the ciphertext looks valid.
- Plaintext containment: decrypted values should not appear in shared environment variables, logs, crash dumps, or cross-extension memory references.
- Actor binding: the platform should tie secret access to an extension-specific identity rather than to the host process alone.
For higher-confidence testing, compare behavior across fresh installs, extension updates, and multi-extension bundles. Also inspect whether the platform uses per-extension key material, ephemeral session keys, or a common master secret that all extensions can reach. If the same decrypted value can be rehydrated elsewhere, the control is encryption, not isolation. These controls tend to break down when the runtime loads multiple extensions into a single privileged worker because a shared execution boundary erases the distinction between “one extension’s secret” and “everyone’s secret.”
Common Variations and Edge Cases
Tighter secret isolation often increases engineering and operational overhead, requiring organisations to balance stronger containment against extension compatibility and debugging complexity. That tradeoff is real, and current guidance suggests treating full isolation as a security objective rather than assuming every platform can support it equally well. Some extension frameworks intentionally share services for performance, which can make strict actor separation hard to retrofit. In those environments, best practice is evolving toward explicit trust zones, per-extension tokenization, and short-lived secret issuance rather than broad plaintext reuse.
Edge cases matter. A platform may block direct replay but still leak via IPC, telemetry, or diagnostic tooling. Another common failure is “logical isolation” where data is namespaced but decrypted in the same memory space, which is not true isolation. Teams should also pay attention to whether the extension host is local, remote, or browser-based, because the attack surface changes when secrets cross process or network boundaries. The NHIMG analysis 52 NHI Breaches Analysis reinforces that identity compromise often follows weak containment rather than obvious credential theft. When extension ecosystems support plugins from multiple publishers, the boundary is only as strong as the weakest shared runtime service.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and CSA MAESTRO address the attack and risk surface, while NIST CSF 2.0, NIST AI RMF and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-04 | Tests whether secrets are bound to one NHI context or replayable across extensions. |
| NIST CSF 2.0 | PR.AC-4 | Isolation depends on access enforcement at runtime, not just encrypted storage. |
| NIST AI RMF | Helps assess whether the platform’s secret flow creates unacceptable operational risk. | |
| NIST Zero Trust (SP 800-207) | SC-2 | Zero Trust requires per-request verification of actor boundaries and least privilege. |
| CSA MAESTRO | M1 | Agent and extension runtimes need compartmentalized trust and secret handling. |
Use compartmentalized execution and per-agent secrets so one component cannot reuse another’s credentials.
Related resources from NHI Mgmt Group
- How do security teams know whether Oracle secret handling is actually working?
- How do security teams know if workflow secret handling is actually working?
- How do security teams know whether secret rotation is actually working?
- How do security teams know whether secret management is actually reducing risk?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 9, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org