Skip to main content
Application Security Standards
Machine Identity Governance: A Security Engineer's ReferenceStandards
5 min readFor Security Engineers

Machine Identity Governance: A Security Engineer's Reference

Scope - What This Guide Covers

This guide focuses on implementing machine identity security programs. You'll find specific controls for service accounts, API keys, certificates, tokens, and AI agents that operate autonomously in your environment.

What's included:

  • Discovery and inventory methods for non-human identities
  • Privilege assignment frameworks aligned with ISO/IEC 27001:2022 Control 8.2
  • Lifecycle management for machine credentials
  • Monitoring patterns for autonomous AI agents

What's not covered: Human identity management, SSO configuration, or workforce authentication flows.

Key Concepts and Definitions

Machine identity: Any credential used by software, services, or automated processes to authenticate. This includes service accounts, API keys, SSH keys, TLS certificates, OAuth tokens, and database credentials.

Agentic AI identity: Machine identities that execute multi-step workflows without human intervention. These systems query APIs, modify data, and make decisions based on reasoning chains.

Identity sprawl: The ratio of machine-to-human identities in your environment. Compromised machine credentials are now among the most common initial access vectors in major breaches, yet most organizations maintain incomplete inventories.

Least privilege for machines: Time-bound, scope-limited permissions that expire after task completion. Unlike human accounts, machine identities should operate with explicit start and end conditions.

Requirements Breakdown

Discovery Requirements

Your first challenge: you can't secure what you can't see. For every human identity, you may have dozens of machine identities scattered across:

  • Source code repositories (hardcoded keys, config files)
  • CI/CD pipelines (deployment credentials, registry tokens)
  • Container orchestration (Kubernetes secrets, service mesh certificates)
  • Cloud IAM (instance profiles, service principals, workload identities)
  • Third-party SaaS integrations (webhook secrets, API tokens)

ISO/IEC 27001:2022 Control 5.18 requires you to maintain an inventory of information and associated assets. This extends to every credential that can access your systems.

Privilege Assignment Requirements

NIST 800-53 Rev 5 AC-6 mandates least privilege enforcement. For machine identities, this means:

  • Scope credentials to specific resources, not broad admin roles
  • Implement time-based expiration (maximum 90 days for long-lived credentials)
  • Use workload identity federation instead of static keys where possible
  • Assign read-only access by default; require justification for write permissions

For agentic AI specifically: these systems give large language models the ability to take real actions on your behalf. If an AI agent can read your customer database and send emails, a prompt injection could exfiltrate data through legitimate channels.

Monitoring Requirements

NIST CSF v2.0 function DE.CM-1 requires continuous monitoring of networks and physical environments. Extend this to machine identity usage:

  • Log every credential use with timestamp, source IP, and resource accessed
  • Alert on credential use from unexpected geographic locations
  • Track permission escalation attempts
  • Monitor for credentials used outside normal operational hours

Implementation Guidance

Phase 1: Establish Baseline Visibility

Start with automated discovery tools that scan:

  1. Your source control system for committed secrets
  2. Cloud provider APIs for service accounts and roles
  3. Certificate stores for expiring or wildcard certificates
  4. Container registries for embedded credentials

Build a central inventory with these fields: credential type, creation date, last rotation date, assigned permissions, owning service, and business justification.

Phase 2: Implement Rotation Policies

Static credentials that never rotate represent your highest risk. Prioritize:

High-risk credentials (rotate every 30 days):

  • Database passwords with write access
  • Cloud admin service accounts
  • API keys with customer data access

Medium-risk credentials (rotate every 90 days):

  • Read-only database credentials
  • Internal API tokens
  • CI/CD deployment keys

Certificate-based authentication (rotate 30 days before expiration):

  • TLS certificates
  • mTLS service mesh identities
  • Code signing certificates

Phase 3: Scope AI Agent Permissions

For each AI agent deployment, document:

  • What APIs it can call
  • What data it can read and write
  • What external services it can access
  • What decisions it can make without human approval

Implement guardrails before deployment:

  • Allowlist specific API endpoints, not entire services
  • Use separate read and write credentials
  • Log every action with the reasoning chain that triggered it
  • Build kill switches that disable agent access without affecting production systems

Phase 4: Automate Lifecycle Management

Manual credential management doesn't scale. Build workflows that:

  • Generate credentials on-demand when services deploy
  • Revoke credentials automatically when services terminate
  • Detect unused credentials (no authentication attempts in 30 days)
  • Enforce approval workflows for privilege escalation requests

Common Pitfalls

Treating machine identities as "set and forget": Unlike humans who change roles or leave the company, machine identities persist indefinitely unless you actively manage their lifecycle. That API key you created for a proof-of-concept three years ago still works.

Reusing credentials across environments: Your staging database password should never match production. Credential reuse means a compromise in your test environment becomes a production incident.

Granting broad permissions "to make things easier": An AI agent doesn't need cluster-admin rights to read pod logs. Start with the minimum required permission and expand only when you hit a specific limitation.

Ignoring embedded credentials: Secrets in container images, Lambda deployment packages, and compiled binaries are discoverable by anyone with read access to those artifacts. Use secret injection at runtime instead.

Skipping the business justification: Every machine identity should map to a specific business function. "Legacy system" isn't a justification -- it's a signal that you need to investigate whether that credential is still required.

Quick Reference Table

Identity Type Max Lifetime Rotation Trigger Monitoring Priority
Cloud service account with admin rights 30 days Role change, service deprecation Critical - alert on every use
API key (write access) 30 days Permission change, owning service update High - daily usage review
Database password 90 days Schema migration, service migration High - alert on off-hours access
TLS certificate Until expiration 30 days before expiry Medium - track expiration dates
AI agent token 90 days Model update, capability expansion Critical - log all actions with context
Read-only API token 90 days Unused for 30 days Low - quarterly access review
SSH key (service-to-service) 90 days Infrastructure change Medium - alert on new source IPs

Compliance mapping: This table satisfies ISO/IEC 27001:2022 Control 8.3 (information access restriction) and NIST 800-53 Rev 5 IA-5 (authenticator management).

Your machine identity inventory grows every time a developer spins up a new service or an AI agent gets deployed. The security controls that worked when you had 50 service accounts won't scale to 5,000. Build the discovery and lifecycle automation now, before a compromised API key becomes your initial access vector.

Topics:Standards

You Might Also Like

PCI DSS v4.0.1 Script Management: Your Questions Answered
5 min readFor Compliance Teams

PCI DSS v4.0.1 Script Management: Your Questions Answered

These questions come from compliance teams I ve talked to over the past six months. The new PCI DSS v4.0.1 requirements around payment-page scripts caught many organizations off guard. Requirement 6.4

Read
When the NVD Fails: Your Vulnerability Response Checklist
5 min readFor Compliance Teams

When the NVD Fails: Your Vulnerability Response Checklist

The National Vulnerability Database backlog isn t just NIST s problem—it s yours. When the OIG found that analysts severity calculations matched NIST s only 12% of the time, they exposed a systemic is

Read
Setting Up AI-Powered Vulnerability Scanning After Mozilla's Claude Mythos Success
5 min readFor Security Engineers

Setting Up AI-Powered Vulnerability Scanning After Mozilla's Claude Mythos Success

Mozilla scanned Firefox using Opus 4.6, then gave Claude Mythos access to the codebase. The AI model identified 271 vulnerabilities in Firefox 150. This was not a research project or a proof of concep

Read