What breaks is the assumption that only trusted application code can see those secrets. Any code that executes in the same context, including a poisoned dependency, can scan and exfiltrate them. That creates a shared blast radius between the application and the attacker, which is why persistent secrets in execution contexts are so dangerous.
Why This Matters for Security Teams
Secrets stored in pods or build environments turn a narrow application problem into a platform-wide exposure problem. The issue is not just theft of a token; it is that any process with access to the same execution context can read, reuse, or forward it. That makes Kubernetes workloads, CI jobs, and ephemeral build runners attractive targets for supply chain attacks, dependency poisoning, and lateral movement.
NHIMG research on The State of Secrets in AppSec shows how persistent secret handling remains fragile in practice, with long remediation times after leakage. The broader risk is echoed in the OWASP Non-Human Identity Top 10, which treats exposed workload credentials as a core identity governance failure, not just a misconfiguration.
Security teams often assume that ephemeral infrastructure automatically limits exposure, but pods and build jobs frequently outlive that assumption through logs, mounted files, environment variables, cached layers, and debug tooling. In practice, many teams discover the breach only after a malicious package, compromised pipeline step, or over-permissioned sidecar has already harvested the secret.
How It Works in Practice
The safer pattern is to avoid placing long-lived secrets inside the execution environment at all. Instead, the workload proves its identity at runtime, receives a short-lived credential for a specific task, and loses that credential automatically when the task ends. This is why current guidance increasingly favours workload identity, short TTLs, and just-in-time issuance over static secret injection.
In Kubernetes, that can mean using a workload identity primitive such as SPIFFE or OIDC-backed tokens, then exchanging that identity for a narrowly scoped credential only when the pod actually needs it. In CI/CD, it means issuing pipeline-specific access for one job, one repository, or one deploy step, rather than storing a reusable secret in the runner image or repository variables. NHIMG’s Guide to the Secret Sprawl Challenge and CI/CD pipeline exploitation case study both reflect the operational reality: once a secret is copied into multiple execution contexts, revocation becomes slower and detection becomes harder.
- Use short-lived tokens or certificates with automatic expiry, not reusable static secrets.
- Scope each credential to one workload, one environment, and one purpose.
- Keep secrets out of image layers, environment variables, and shared build caches.
- Rotate or revoke credentials immediately after task completion or failure.
- Log secret access events without logging the secret itself.
For implementation detail, the CISA guidance on secrets handling is useful for operational hygiene, while the SPIFFE overview explains how workload identity can replace static credential distribution. These controls tend to break down when legacy build tooling requires shared credentials across multiple stages, because reuse pressure defeats per-task isolation.
Common Variations and Edge Cases
Tighter secret controls often increase operational overhead, requiring organisations to balance deployment speed against blast-radius reduction. That tradeoff is real in monolithic CI systems, air-gapped clusters, and vendor-managed build environments where short-lived identity is harder to wire in cleanly.
There is no universal standard for this yet, but best practice is evolving toward runtime authorisation and ephemeral issuance rather than permanent secret material. In highly dynamic environments, the hard part is not just secret storage, but secret discovery: inherited environment variables, mounted files from base images, and secrets embedded in automation templates can all bypass policy if teams only secure the primary secret manager.
NHIMG’s 52 NHI Breaches Analysis shows how exposed machine credentials often become the first step in broader compromise chains, especially where the same secret is reused across multiple systems. The practical implication is simple: if the secret must exist in the pod or runner, treat that environment as already partially compromised and design for fast revocation, constrained scope, and aggressive rotation.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Addresses secret exposure and unsafe credential storage in workloads. |
| NIST CSF 2.0 | PR.AC-1 | Access control must limit who or what can retrieve secrets. |
| NIST AI RMF | AI RMF helps govern runtime identity and misuse risk for automated workloads. |
Replace static workload secrets with short-lived identity-bound credentials and remove them from runtime environments.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 11, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
