SRE Playbook: A Guide to Discover and Catalog Non-Human Identities (NHI)
Blog post from GitGuardian
A site reliability engineer describes the challenges of managing a modern cloud-native stack, focusing on the complexity and operational risk of non-human identities (NHIs) and secrets scattered across systems such as HashiCorp Vault, AWS IAM, Kubernetes, and CI/CD platforms. Even with state-of-the-art tooling, this fragmented management of secrets and identities creates blind spots: it is hard to maintain a complete inventory and to enforce security policies consistently.

The engineer outlines the limits of relying on secret managers alone and argues for a comprehensive approach to NHIs, which are often overprivileged and under-monitored. Building a custom internal tool to centralize NHI information offers control but is labor-intensive and costly. That trade-off leads to a consideration of managed solutions such as GitGuardian NHI Governance, which centralizes the discovery, inventory, and management of NHIs across an environment and offers integrations, policy enforcement, and continuous tracking to improve security posture without additional engineering effort.