Stop The Secrets Getting Out

Recent signers:
Mario Principato and 14 others have signed recently.

The Issue

One of the most significant IT security challenges in the industry today is the widespread use of static long-lived credentials, such as API keys and tokens, which are commonly referred to as non-human identities. These credentials are essential for operating and integrating with IT systems and services, including AI agents. However, their static and long-lived nature poses severe risks of unauthorized access and potential data breaches, particularly as they proliferate across various platforms and services.

I am known as Mr. NHI, the founder of the NHI Mgmt Group (nhimg.org), and I am deeply concerned about the ongoing practice of IT providers issuing long-lived API keys and tokens. These keys and tokens remain active for extended periods, leading to a massive sprawl of secrets that can lead to major security breaches if not managed correctly. This outdated practice puts countless organizations and individual users at risk, as secrets, once compromised, can provide unfettered access to sensitive systems.

Long-lived API keys and tokens have been implicated in several high-profile security breaches, resulting in the leakage of sensitive data and causing significant harm to individuals and businesses alike. For instance, many recent devastating breaches have been traced back to stolen or mismanaged API keys and tokens, illustrating the critical need for immediate change in how these are handled.

The solution is clear: IT providers must transition to more secure methods of authentication, such as short-lived, dynamically generated credentials that can mitigate the risk of secret sprawl. This change will not only protect users from potential breaches but will also enhance the overall security posture of IT systems.

We urge IT providers to prioritize security and embrace cutting-edge solutions for credential management. Transitioning to ephemeral credential mechanisms will drastically reduce the risks associated with stolen or exposed secrets, thereby safeguarding the integrity of services and trust of users.

By signing this petition, you are supporting a much-needed shift towards secure handling of IT credentials. Help urge IT providers to abandon risky static keys and tokens in favor of more secure, temporary solutions. Your support is vital in driving this essential change for a safer digital environment.

Petition created on 7 February 2026