Organisations should do both, but agent governance comes first when autonomous systems already hold live access. Rotating secrets helps only if you also know which agents possess them, what those agents can reach, and how to shut them down quickly when behaviour changes.
Why This Matters for Security Teams
For autonomous systems, the question is not simply whether secrets should be rotated faster. The real issue is whether the organisation can answer three basics at runtime: which agent has access, what that agent can do, and how quickly that access can be cut off if behaviour changes. That is why agent governance has to lead when live agent access already exists. secrets rotation is still necessary, but it is only one control in a broader identity and authorisation model.
Practitioners often underestimate how quickly NHI sprawl becomes agent sprawl. Entro Security reports that 44% of NHI tokens are exposed in the wild, and 91% of former employee tokens remain active after offboarding in The 2025 State of NHIs and Secrets in Cybersecurity. Those conditions are especially dangerous for goal-driven agents because a token is not just a credential, it is a path to action. Guidance from OWASP Non-Human Identity Top 10 and the NIST AI Risk Management Framework both point toward lifecycle control, traceability, and accountability rather than standalone secret hygiene.
In practice, many security teams encounter agent misuse only after a production token has already been reused, over-scoped, or shared across workflows.
How It Works in Practice
The most effective pattern is to treat the agent as a governed workload identity, not as a human user with a long-lived password. That means pairing workload identity with policy evaluation at request time, then issuing dynamic, short-lived secrets only when the task requires them. For agentic systems, static RBAC alone is rarely enough because the access path depends on intent, context, and the tool chain the agent is trying to invoke.
A practical control stack usually looks like this:
- Identify each agent as a distinct workload, then bind it to a cryptographic identity rather than a shared API key.
- Use JIT credentials with short TTLs so access expires automatically after the task or session ends.
- Evaluate authorisation at runtime, using intent-based or context-aware policy rather than fixed role assumptions.
- Keep high-risk secrets in a vault, but issue them only when the agent proves need, scope, and approval.
- Log each access decision, including which tool, resource, and prompt-driven action triggered it.
This is where lifecycle discipline matters. NHIMG’s Ultimate Guide to NHIs — Lifecycle Processes for Managing NHIs and Guide to the Secret Sprawl Challenge both reinforce that discovery, ownership, and revocation must come before broad rotation campaigns. The same pattern is reflected in CSA MAESTRO agentic AI threat modelling framework, which emphasises runtime threat modelling for dynamic agent behaviour, and in NIST Cybersecurity Framework 2.0, which prioritises governance, protection, detection, and response as linked functions.
These controls tend to break down when agents share one credential across multiple tools and environments because the organisation loses both attribution and containment.
Common Variations and Edge Cases
Tighter secret controls often increase operational overhead, requiring organisations to balance faster rotation against service continuity and incident response complexity. That tradeoff is real, especially where legacy systems cannot yet support short-lived credentials or request-time policy checks.
Current guidance suggests a split strategy. If the environment is human-operated with limited secret exposure, rotation may be the first practical step. If autonomous agents already have live access, governance comes first because revocation, scoping, and behavioural shutdown matter more than replacing one token with another. There is no universal standard for this yet, but the direction of travel is clear in both OWASP Agentic AI Top 10 and NIST AI Risk Management Framework: control the autonomy first, then reduce secret lifetime.
Two edge cases matter most. First, multi-agent pipelines can amplify risk because one agent may inherit or request access on behalf of another. Second, environments using shared vaults without per-agent attribution can rotate secrets endlessly while preserving the underlying exposure pattern. NHIMG’s research on Top 10 NHI Issues is clear that overused identities and duplicated secrets are often symptoms of weak governance, not weak rotation. In those cases, treat rotation as cleanup, not strategy.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | AGT-01 | Agentic systems need runtime governance beyond static secret rotation. |
| CSA MAESTRO | M1 | MAESTRO focuses on threat modeling and control for autonomous agent behavior. |
| NIST AI RMF | GOVERN | AI RMF governance is relevant to accountability for autonomous systems with live access. |
Assign ownership, monitoring, and incident triggers for each agent identity and action path.
Related resources from NHI Mgmt Group
- Should organisations prioritise secrets rotation or agent approval workflows first?
- Should organisations prioritise secrets rotation or agent identity design first?
- Should organisations prioritise least privilege or lifecycle governance first for AI agents?
- Should organisations prioritise secrets rotation or policy controls first for agents?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on May 30, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
