Subscribe to the Non-Human & AI Identity Journal
Home Glossary Foundations & NHI Taxonomy Self-Custody
Foundations & NHI Taxonomy

Self-Custody

← Back to Glossary
By NHI Mgmt Group Updated July 8, 2026 Domain: Foundations & NHI Taxonomy

Self-custody is an identity and asset model where the user, not a central provider, holds the credentials that control access. It improves control and portability, but it also means lost credentials can become unrecoverable unless backups and emergency paths are designed in advance.

Expanded Definition

Self-custody is a control model in which the person or system operator holds the credentials, keys, or recovery material needed to prove identity and authorize access, rather than relying on a central issuer or hosted wallet provider. In NHI and agentic AI environments, the term is used most often where keys, certificates, or token-signing material must remain portable across infrastructure, cloud accounts, or tools. That portability is useful, but it also shifts the security burden onto the holder, including backup design, revocation planning, and secure storage. Guidance varies across vendors on whether self-custody includes delegated recovery, shared custody, or threshold schemes, so the operational boundary should be stated explicitly. For governance, self-custody should be evaluated alongside identity lifecycle controls, not treated as a purely technical preference. The most common misapplication is equating self-custody with resilience when the required recovery path is missing or untested.

For baseline identity and access principles, the NIST Cybersecurity Framework 2.0 is a useful reference point for control ownership and recovery planning.

Examples and Use Cases

Implementing self-custody rigorously often introduces recovery complexity, requiring organisations to weigh user autonomy against the operational cost of lost-key events and manual restoration.

  • An engineer stores signing keys in a hardware-backed device and keeps offline recovery material so service deployments can continue if the primary device fails.
  • A team managing machine identities uses self-custodied certificates for internal services, then pairs them with documented rotation and emergency revocation steps.
  • An AI agent retains its own API key material under operator control, which reduces dependency on a central broker but demands strict escrow and access logging.
  • A decentralized identity workflow lets a user move credentials between platforms without reissuing them from a vendor, improving portability across ecosystems.
  • Security teams review self-custody design against NHI lifecycle guidance in the Ultimate Guide to NHIs and compare it with the recovery and assurance concepts described in the NIST Cybersecurity Framework 2.0.

In practice, self-custody appears in service account key management, wallet-based identity, certificate ownership, and agent authorization patterns where a central provider should not hold unilateral control over access.

Why It Matters in NHI Security

Self-custody matters because it can remove single-provider dependency while creating a single-holder failure mode if the credential is lost, exposed, or rotated without coordination. In NHI security, that risk is amplified by the scale of machine identities and the speed at which secrets spread across code, CI/CD, and runtime systems. NHI Mgmt Group reports that 96% of organisations store secrets outside secrets managers in vulnerable locations, and 73% of vaults are misconfigured, which means self-custodied material often ends up harder to govern than centrally issued credentials. The governance question is not whether the operator wants control, but whether the operator can preserve recovery, revoke access quickly, and prove custody boundaries across the full lifecycle. Self-custody should therefore be paired with backup, escrow, rotation, and emergency access procedures, especially where agentic systems can execute with broad authority. For broader NHI governance context, the Ultimate Guide to NHIs is a useful operational reference.

Organisations typically encounter the consequences of weak self-custody only after a lost device, compromised key, or failed migration, at which point access restoration becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-02Covers secret and key handling risks central to self-custody.
NIST CSF 2.0PR.AA-05Addresses identity credential management and recovery for access continuity.
NIST Zero Trust (SP 800-207)Self-custody must still fit zero trust verification and least-privilege access.

Store, rotate, and recover self-custodied credentials under explicit NHI secret controls.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on July 8, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org