Zero-Touch Secrets Management: Securing CI/CD Pipelines Through Ephemeral Credentials
DOI: https://doi.org/10.63278/jicrcr.vi.3601

Abstract
Modern continuous integration and deployment pipelines rely on sensitive credentials for accessing cloud services, artifact repositories, and deployment targets, creating significant security vulnerabilities when these secrets are managed through traditional static credential approaches. This research presents a zero-touch secrets management architecture that eliminates persistent credentials from automated build environments by implementing ephemeral, identity-bound credentials with just-in-time issuance and automatic revocation. The proposed system establishes pipeline identity through cryptographic attestation rather than shared secrets, enabling workload-specific credential generation with strict temporal and scope limitations measured in minutes rather than months. Through identity-based encryption, credentials remain cryptographically bound to their intended execution context, preventing lateral movement even if intercepted during transmission. The architecture integrates trust authorities for identity validation, secrets brokers for dynamic credential generation, and comprehensive audit systems for forensic traceability. Implementation considerations address the challenges of cryptographic algorithm selection, policy engine design for attribute-based access control, and integration with diverse pipeline orchestration platforms. The zero-touch approach fundamentally reduces attack surfaces by ensuring credentials exist only during active use, automatically rotate without operational intervention, and provide complete audit trails for compliance and investigation. This paradigm shift aligns with zero-trust security principles, transforming CI/CD credential management from a persistent vulnerability into an autonomous, self-securing system that maintains security without sacrificing developer velocity or operational efficiency.
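
The broker flow the abstract describes (policy check on verified identity attributes, scoped credentials that live for minutes, binding to the execution context, audit logging), as an added Python example that is not code from the paper. It assumes the trust authority has already verified the pipeline's attestation and hands the broker a claims dictionary; the class, policy rules and claim names are hypothetical, and a SHA-256 fingerprint of the claims stands in for the identity-based encryption the paper proposes.

```python
import hashlib, hmac, secrets, time
POLICY = [  # constructed ABAC rules (hypothetical): required claims -> scope, TTL
    {"match": {"repo": "org/payments", "branch": "main", "stage": "deploy"},
     "scope": "deploy:payments-prod", "ttl_seconds": 300},
    {"match": {"repo": "org/payments", "stage": "build"},
     "scope": "read:artifact-repo", "ttl_seconds": 120},
]

def context_fingerprint(claims):
    """Digest of the verified claims; stands in for the execution context."""
    canonical = "|".join(f"{k}={claims[k]}" for k in sorted(claims))
    return hashlib.sha256(canonical.encode()).hexdigest()

class SecretsBroker:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.live = {}    # token -> (scope, expiry, fingerprint)
        self.audit = []   # (timestamp, event, detail)

    def _log(self, event, detail):
        self.audit.append((self.clock(), event, detail))

    def issue(self, claims):
        """Assumption: claims were already verified by the trust authority."""
        for rule in POLICY:
            if all(claims.get(k) == v for k, v in rule["match"].items()):
                token = secrets.token_urlsafe(32)
                expiry = self.clock() + rule["ttl_seconds"]
                self.live[token] = (rule["scope"], expiry, context_fingerprint(claims))
                self._log("issued", rule["scope"])
                return token, rule["scope"], expiry
        self._log("denied", "no matching policy")
        return None

    def authorize(self, token, claims, wanted_scope):
        """Accept only an unexpired token, for its own scope, from its own context."""
        entry = self.live.get(token)
        if entry is None:
            self._log("rejected", "unknown or revoked token")
            return False
        scope, expiry, fingerprint = entry
        if self.clock() >= expiry:
            del self.live[token]  # automatic revocation once the TTL has passed
            self._log("rejected", "expired")
            return False
        same_ctx = hmac.compare_digest(fingerprint, context_fingerprint(claims))
        ok = same_ctx and scope == wanted_scope
        self._log("authorized" if ok else "rejected", wanted_scope)
        return ok
```

A token replayed from a different pipeline run, used for another scope, or presented after its TTL is rejected, and every decision lands in the audit list.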
Published
2025-12-02
How to Cite
Lakade, S. (2025). Zero-Touch Secrets Management: Securing CI/CD Pipelines Through Ephemeral Credentials. Journal of International Crisis and Risk Communication Research, 499–509. https://doi.org/10.63278/jicrcr.vi.3601
Section
Articles




