Credentials discovery

With BalkanID, organizations can discover, inventory, and govern credentials across all connected applications as part of IGA for Non-Human Identities (NHI). Credentials include access keys, API keys, service account keys, SSH keys, and other non-human access mechanisms.

Credentials Discovery is the first step in governance. It enables teams to identify where credentials exist, who or what they are associated with, and what level of access they provide.

All discovered credentials are consolidated into a centralized Credentials tab, providing visibility into credential usage, ownership, and risk posture.

Viewing Credentials

Users, Risk Managers, and IT Administrators can navigate to the Credentials tab from the navigation bar to view all credentials extracted across applications.

Each credential record represents a unique credential and includes metadata, associated identity, usage details, and risk insights.

Credential Fields

The Credentials tab displays the following fields for each credential:

| Field | Description |
| --- | --- |
| Credential | Name of the credential along with its source identifier (e.g., access key ID, API key ID) |
| Type | Type of credential (e.g., access key, API key, service account key, SSH key, OAuth credential) |
| Associated Identity | The identity that the credential is linked to |
| Application | The integrated application or cloud provider where the credential exists |
| Status | Current state of the credential (e.g., active, inactive) |
| | Risk signals and security findings associated with the credential |
| Created / Last Rotated | Timestamp indicating when the credential was created or last rotated |
| Last Used | Timestamp indicating when the credential was last used (if available) |

Credential Insights (Risk Signals)

BalkanID automatically evaluates credentials and generates insights to highlight potential security risks.

These insights help identify misconfigurations, stale credentials, and excessive access.

Common insights include:

  • Active credential for inactive identity: Indicates that the parent identity is inactive, but the credential is still active. This presents a critical security risk.

  • Credential extremely old (>180 days): Credentials that have not been rotated for extended periods are more likely to be compromised.

  • Credential not rotated (>90 days): Indicates that the credential does not meet recommended rotation policies.

  • Credential unused (>90 days): Credentials that have not been used recently may be unnecessary and should be reviewed or deactivated.

  • Multiple active credentials: Indicates that an identity has multiple active credentials, increasing the attack surface.

Each insight is accompanied by recommended remediation actions.
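
The five insights listed above can be expressed as checks over an exported credential inventory. The sketch below is an added example, not BalkanID's code or API: the record keys, the sample data, and the choices to report only the stronger of the two age insights and to skip the unused check when no last-used timestamp exists are assumptions.

```python
from collections import Counter
from datetime import date

# Thresholds are the ones named on this page; record keys are assumed.
ROTATE_DAYS, OLD_DAYS, UNUSED_DAYS = 90, 180, 90

def insights(creds, today):
    """Return {credential id: [insight names]} for a list of credential dicts."""
    # Active credentials per identity, for the "multiple active" insight.
    active = Counter(c["identity"] for c in creds if c["status"] == "active")
    out = {}
    for c in creds:
        found = []
        if c["status"] == "active":
            if not c["identity_active"]:
                found.append("Active credential for inactive identity")
            if active[c["identity"]] > 1:
                found.append("Multiple active credentials")
        # Age is measured from the Created / Last Rotated timestamp.
        age = (today - c["rotated"]).days
        if age > OLD_DAYS:
            found.append("Credential extremely old (>180 days)")
        elif age > ROTATE_DAYS:  # assumption: report only the stronger age insight
            found.append("Credential not rotated (>90 days)")
        # Last Used is shown only if available; None skips the check (assumption).
        if c["last_used"] and (today - c["last_used"]).days > UNUSED_DAYS:
            found.append("Credential unused (>90 days)")
        out[c["id"]] = found
    return out

def cred(cid, identity, identity_active, status, rotated, last_used):
    """Build one inventory record (hypothetical shape)."""
    return {"id": cid, "identity": identity, "identity_active": identity_active,
            "status": status, "rotated": rotated, "last_used": last_used}

# Constructed sample inventory, not real data.
TODAY = date(2025, 7, 1)
SAMPLE = [
    cred("key-a", "svc-build", True, "active", date(2025, 6, 1), date(2025, 6, 30)),
    cred("key-b", "svc-build", True, "active", date(2025, 3, 1), None),
    cred("key-c", "svc-legacy", False, "active", date(2024, 6, 1), date(2025, 1, 15)),
    cred("key-d", "svc-etl", True, "inactive", date(2025, 6, 15), date(2025, 6, 20)),
]

if __name__ == "__main__":
    for cid, found in insights(SAMPLE, TODAY).items():
        print(cid, found or "no insights")
```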

Filtering and Investigation

Users can filter credentials based on multiple parameters such as:

  • Last used date

  • Creation or rotation timelines

  • Insight type (risk category)

  • Application or identity

This allows teams to quickly identify and prioritize high-risk credentials for remediation.

Credential Access and Blast Radius

Each credential has a detailed view that shows the resources and connections it has access to.

This includes:

  • Roles and permissions granted

  • Resources accessible via the credential

  • The full chain of access from credential to resource

This helps teams understand the blast radius of a credential in case of compromise.

Identities can be remapped if incorrectly classified to ensure accurate governance.

Identity vs Non-Identity Credentials - Planes of Access

Credentials operate across different access planes:

  • Identity Credentials

    • Example: Service account keys, HMAC keys

    • Inherit IAM permissions from the associated identity

  • Non-Identity Credentials

    • Example: API keys, SSH keys

    • Provide direct or scoped access to services or resources

For example:

  • A service account key can modify infrastructure (via IAM roles)

  • An SSH key can directly log into a VM (system-level access)

Understanding this distinction is critical for accurate risk assessment.

Credentials Discovery enables organizations to:

  • Gain visibility into all credentials

  • Identify and remediate risks

  • Understand access and blast radius

  • Extend governance to non-human identities

This forms the foundation for NHI Identity Governance.
