Security teams should remove credentials from code, store them in managed secret systems, and use runtime injection or short-lived tokens instead. They also need continuous scanning for exposed keys in repositories, build logs, and tickets. The control only works if discovery, rotation, and revocation are automated.
Why This Matters for Security Teams
Hardcoded secrets turn source code, build artifacts, tickets, and chat tools into an unbounded credential store. That is especially dangerous for NHIs because a leaked API key or token often has direct machine-to-machine reach, not just application access. GitGuardian’s The State of Secrets Sprawl 2026 found 64% of valid secrets leaked in 2022 were still valid and exploitable today, which shows why discovery alone is not enough. The real failure is lifecycle control: issue less, bind more tightly, rotate faster, and revoke automatically.
Security teams also need to treat repositories and collaboration systems as live attack surfaces. NHIMG’s Guide to the Secret Sprawl Challenge and the 52 NHI Breaches Analysis both show that credential exposure usually happens across the delivery path, not just in production. That means code review, CI/CD, issue tracking, and logs all need the same secret controls as vaults and runtime workloads. In practice, many security teams encounter the breach after a leaked secret has already been reused across environments, rather than through intentional discovery.
How It Works in Practice
The practical control pattern is simple: remove secrets from code, replace them with runtime retrieval, and force every credential to have a short usable life. Managed secret systems should issue values only when the workload proves its identity, then inject them at startup or on-demand through a broker. For NHIs, this is stronger when paired with workload identity so the system can decide what the agent, service, or pipeline is allowed to do at request time rather than relying on static role assignment. The OWASP Non-Human Identity Top 10 is useful here because it frames secret handling as an identity problem, not just a storage problem.
A mature implementation usually includes:
- pre-commit and CI scanning for keys, tokens, certificates, and accidental secret copies in logs
- secret brokers or vaults that deliver credentials only at runtime
- automatic rotation on a fixed TTL, plus immediate revocation when exposure is detected
- policy checks that tie access to workload identity, environment, and task context
- separate handling for build systems, deployment runners, and production services
For machine identities, this is where JIT credentials matter most: the credential should exist only for the task, not for the lifetime of the application. That approach also aligns with guidance in the Anthropic report on the first AI-orchestrated cyber espionage campaign, which underscores how quickly automated systems can chain access once a credential is available. These controls tend to break down in legacy batch jobs and long-lived CI runners because the workload cannot easily re-authenticate without redesigning the pipeline.
Common Variations and Edge Cases
Tighter secret controls often increase operational overhead, requiring organisations to balance faster delivery against more frequent rotation and stronger automation. That tradeoff is especially visible in environments with vendor integrations, air-gapped systems, or third-party agents that cannot yet support dynamic credential injection. Current guidance suggests using the shortest feasible TTL, but there is no universal standard for every workload class yet.
Some edge cases need explicit treatment. A shared service account embedded in an old integration may be impossible to remove immediately, so the safer interim step is scope reduction, segmented access, and aggressive monitoring until the dependency is retired. Container images are another common exception: GitGuardian’s 2025 research found around 100,000 valid secrets in public Docker images, with ENV instructions driving most leaks, so image scanning and secret-free builds matter as much as source scanning. For agentic or autonomous systems, this problem is sharper because tools may be invoked in unpredictable sequences, and a leaked secret can be used outside the original intent of the workflow. NHIMG’s Reviewdog GitHub Action supply chain attack is a reminder that CI components themselves can become secret exfiltration paths. The control fails fastest when long-lived credentials are reused across repositories, runners, and environments without a revocation pipeline.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Addresses secret sprawl, rotation, and exposed machine credentials directly. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege and access governance are central to stopping credential misuse. |
| NIST AI RMF | AI RMF supports governance for automated systems that can misuse exposed secrets. |
Assign ownership, monitoring, and incident response for secret use across automated workloads.
Related resources from NHI Mgmt Group
- How should security teams decide whether JIT access is safe for non-human identities?
- How should teams reduce the risk from exposed NHI secrets?
- How should security teams implement zero standing privilege for service accounts and AI agents?
- How should security teams reduce standing privilege in NHI environments?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on May 31, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
