
Why Your AI Agents Shouldn't Hold the Keys to the Kingdom

Joakim Sundberg | 5 min read

We all want our AI agents to be autonomous. We want them to query databases, call external APIs, and execute workflows without a human having to click "Approve" 500 times a day.

But there is a massive, often-ignored flaw in how we are building these systems: we are giving autonomous agents permanent credentials.

Pasting a long-lived OpenAI API key, a Stripe token, or a GCP service account JSON directly into an agent's configuration is the modern equivalent of leaving the master key under the doormat. If that agent suffers a prompt injection attack, or simply hallucinates and goes off-script, that permanent credential can be weaponized in milliseconds.

The Problem: Permanent Access is a Permanent Liability

Without governance, agents end up with secrets hardcoded into their environments. This creates three critical blind spots:

  1. No audit trail — you don't know when the secret is actually being used versus just sitting idle.
  2. Infinite blast radius — a compromised agent has unlimited time to abuse the credential.
  3. The revocation nightmare — if a key leaks, you have to hunt down every single agent, service, and environment using it before you can safely roll the key without causing a catastrophic outage.

Agents shouldn't own credentials. They should borrow them.

The Twist: Just-In-Time (JIT) Leases

The MITRITY Credential Broker fundamentally shifts the security model. Instead of handing an agent a secret, the broker holds the secret value in an encrypted vault. When the agent needs to act, it requests a time-bound, agent-scoped, revocable lease.

We structure this using a strict, logical three-tier model:

  1. The Credential (the value) — the actual secret (e.g. your PostgreSQL password or OpenAI key). It lives encrypted at rest in the MITRITY vault. You create it once.
  2. The Grant (the permission) — this dictates who is allowed to use the secret. For example, "the Customer Support Agent is allowed to ask for the Zendesk token." Without a grant, the agent gets a hard 403 Forbidden.
  3. The Lease (the checkout) — this is the magic layer. An authorized agent requests a lease. The broker validates the grant and issues the secret to the agent via the MITRITY Gateway or Sidecar, but only for a specific time window.

When the TTL (time-to-live) expires, the credential vanishes from the agent's context.

Envelope Encryption & Zero Blind Spots

We don't take secret storage lightly. Credential values in MITRITY are secured using envelope encryption with GCP Cloud KMS.

Every tenant has its own Data Encryption Key (DEK). When an agent with a valid lease needs the secret, MITRITY unwraps the DEK, decrypts the value, hands it to the agent, and immediately discards the keys. The plaintext value never persists outside the active request scope, and it is never returned in standard API responses.

The Cascading Revocation Superpower

Here is where this model pays off instantly. Let's say an OpenAI key gets leaked, or you detect highly anomalous behavior from an execution agent.

In a traditional setup, rotating that key is a cross-team fire drill. With MITRITY, you use cascading revocation:

  • Delete or suspend the central Credential.
  • MITRITY instantly revokes all Grants attached to it.
  • MITRITY instantly terminates every active Lease currently checked out by any agent across your entire architecture.

The cutoff is immediate. The next time the agent tries to resolve that credential through the Gateway or Sidecar, it fails closed. You can then update the credential value in the broker, and new leases automatically start using the clean key.
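
The credential, grant and lease tiers and the cascading revocation described above, as an added in-memory model in Python. It is not MITRITY's code or API: the `Broker` class, its method names and the agent and credential names used with it are assumptions made for illustration, and the vault encryption is left out.

```python
import secrets
import time

class Forbidden(Exception):
    """No grant for this agent/credential pair (the 403 case in the text)."""

class LeaseInvalid(Exception):
    """Lease is unknown, revoked, expired, or owned by another agent."""

class Broker:
    def __init__(self, clock=time.monotonic):
        self.clock = clock        # injectable so expiry can be tested
        self.credentials = {}     # name -> secret value (a real vault encrypts this)
        self.grants = set()       # (agent, credential name) pairs
        self.leases = {}          # lease id -> (agent, credential name, expires_at)

    def put_credential(self, name, value):
        self.credentials[name] = value

    def grant(self, agent, name):
        self.grants.add((agent, name))

    def lease(self, agent, name, ttl_seconds):
        # Tier 2 check: without a grant the agent never gets a lease.
        if name not in self.credentials or (agent, name) not in self.grants:
            raise Forbidden(f"{agent} has no grant for {name}")
        lease_id = secrets.token_urlsafe(16)
        self.leases[lease_id] = (agent, name, self.clock() + ttl_seconds)
        return lease_id

    def resolve(self, agent, lease_id):
        # Fail closed: every path that is not a live, owned lease raises.
        entry = self.leases.get(lease_id)
        if entry is None:
            raise LeaseInvalid("unknown or revoked lease")
        owner, name, expires_at = entry
        if owner != agent:
            raise LeaseInvalid("lease belongs to another agent")
        if self.clock() >= expires_at:
            del self.leases[lease_id]
            raise LeaseInvalid("lease expired")
        return self.credentials[name]

    def revoke_credential(self, name):
        # Cascade: drop the credential, its grants, and every active lease on it.
        self.credentials.pop(name, None)
        self.grants = {g for g in self.grants if g[1] != name}
        dead = [lid for lid, e in self.leases.items() if e[1] == name]
        for lid in dead:
            del self.leases[lid]
        return len(dead)          # number of leases terminated
```

The agent only ever holds the lease id; the secret is looked up on each `resolve` call, which is what makes expiry and revocation take effect on the next use.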

Trust Agents by Verifying Their Access

To scale AI autonomously, you have to assume that eventually, an agent will be compromised or tricked. The goal isn't to build a perfect agent; the goal is to build an environment where a compromised agent can't do any real damage.

By stripping permanent credentials away from your agents and moving to a model of JIT leases, you shrink the window in which a credential held by a compromised agent is usable down to seconds.

Want to see how easy it is to implement JIT credentials for your agents? Check out the MITRITY Credential Broker documentation and let's get your secrets out of your agent configurations today.


MITRITY is an intent-aware governance platform for autonomous AI agents. Start a free trial or read the documentation to take credentials out of your agent configs.
