They assume a bypassed node is effectively absent. In practice, the node can still leave widget values behind in the saved canvas state, so the secret may remain recoverable even when the node never executed. Teams need to verify persistence, not just runtime behaviour.
Why This Matters for Security Teams
Bypassed nodes are often treated as if they never existed, but secret handling does not stop at runtime execution. In workflow builders, agent graphs, and low-code canvas tools, values can persist in saved state, metadata, or node configuration even when a path is disabled. That means a “safe” bypass can still leave recoverable credentials behind, which changes the risk from execution control to data persistence control.
This is especially important where secrets are embedded in widgets, parameters, or node defaults. Security teams usually focus on whether a node ran, but the more relevant question is whether the secret was ever serialized into the workflow artifact. The State of Secrets in AppSec research shows how often secret hygiene breaks down in practice, and the OWASP Non-Human Identity Top 10 reinforces that secret exposure is a lifecycle problem, not just an access-control problem. In practice, many security teams discover recoverable secrets only after a canvas export, incident review, or downstream repo scan has already surfaced them.
How It Works in Practice
Teams need to inspect both the runtime path and the persisted object model. A bypassed node may not execute, but its fields can still be written into canvas state, exported JSON, audit snapshots, or collaboration history. The control failure is usually in serialization, not computation. If the UI stores the widget value before the bypass decision, the secret can remain retrievable until the artifact itself is scrubbed or redacted.
Operationally, this means security review should check where secrets are introduced, where they are stored, and whether disabled nodes are still included in saved workflows. The most reliable patterns are:
- Use references to a secrets manager instead of pasting raw credentials into node fields.
- Redact sensitive parameters before save, export, and versioning operations.
- Verify whether the platform persists disabled or bypassed nodes in full canvas state.
- Separate execution gating from storage controls so a bypass does not imply deletion.
- Scan workflow artifacts, not just logs, for recovered values and encoded secrets.
For control design, NIST SP 800-53 Rev. 5 is useful for framing data protection, configuration management, and least privilege, while the NHIMG Ultimate Guide to NHIs explains why static secret placement creates enduring exposure even when execution is interrupted. These controls tend to break down when the workflow platform treats node configuration as benign metadata because the secret has already been written into a durable artifact.
Common Variations and Edge Cases
Tighter redaction and persistence controls often increase operational friction, requiring organisations to balance usability against secret exposure risk. That tradeoff becomes sharper in low-code tools, approval workflows, and AI orchestration platforms where users expect to pause, bypass, or clone nodes without losing state.
There is no universal standard for this yet, but current guidance suggests treating bypassed nodes as potentially sensitive until proven otherwise. Edge cases include conditional branches that preserve values in hidden fields, template libraries that copy secret-bearing defaults, and collaborative canvas tools that retain history even after visible deletion. The Guide to the Secret Sprawl Challenge is relevant here because sprawl often comes from persistence layers that are overlooked during cleanup, not from the active path alone. The same pattern appears in supply-chain and collaboration exposures discussed in the Reviewdog GitHub Action supply chain attack, where seemingly auxiliary systems preserved sensitive content longer than expected.
For teams handling regulated data or high-value credentials, the practical rule is simple: if a node can be bypassed, it can still be persisted, copied, cached, or exported. In those environments, the safe assumption is not “inactive means absent” but “inactive may still be recoverable.”
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Addresses secret lifecycle risk when workflow nodes persist credentials. |
| NIST CSF 2.0 | PR.DS-1 | Protects data at rest, including secrets left in saved canvas state. |
| OWASP Agentic AI Top 10 | A1 | Agent workflows can retain sensitive context even when execution is bypassed. |
| NIST AI RMF | AI governance must account for state persistence beyond runtime behaviour. |
Classify workflow state as sensitive data and apply encryption, access limits, and redaction controls.
Related resources from NHI Mgmt Group
- What do security teams get wrong about secrets in third-party code and integrations?
- What do teams get wrong about rotating NHI secrets after compromise?
- What do teams get wrong about sharing secrets through collaboration tools?
- What do teams get wrong about provisioning secrets in app integrations?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 10, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org