<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Credentials on FindPicked</title><link>https://findpicked.com/tags/credentials/</link><description>Recent content in Credentials on FindPicked</description><generator>Hugo</generator><language>en</language><lastBuildDate>Tue, 30 Jun 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://findpicked.com/tags/credentials/index.xml" rel="self" type="application/rss+xml"/><item><title>Least-Privilege Setup for AI Coding Agents</title><link>https://findpicked.com/blog/least-privilege-ai-coding-agents/</link><pubDate>Tue, 30 Jun 2026 00:00:00 +0000</pubDate><guid>https://findpicked.com/blog/least-privilege-ai-coding-agents/</guid><description>&lt;p&gt;AI coding agents can save hours, but they can also turn a bad prompt, poisoned repo, or overpowered tool call into a real incident. The safest pattern is to assume the agent is useful but not fully trustworthy, then design its environment around &lt;strong&gt;least privilege&lt;/strong&gt;, &lt;strong&gt;ephemeral credentials&lt;/strong&gt;, &lt;strong&gt;approval gates&lt;/strong&gt;, and &lt;strong&gt;sandboxed execution&lt;/strong&gt;.&lt;/p&gt;
&lt;p&gt;This guide shows how to build that setup in practice. It focuses on the controls that matter most now for developers: narrow repo access, just-in-time credentials, policy-enforced tool use, and isolated runners that keep one unsafe action from becoming a production problem.&lt;/p&gt;</description></item><item><title>How to Sandbox AI Coding Agents Safely</title><link>https://findpicked.com/blog/sandbox-ai-coding-agents/</link><pubDate>Sat, 27 Jun 2026 00:00:00 +0000</pubDate><guid>https://findpicked.com/blog/sandbox-ai-coding-agents/</guid><description>&lt;p&gt;AI coding agents are safest when you assume they will eventually run the wrong command, install the wrong package, or follow a malicious instruction hidden in code or docs. The practical response is to contain them by default with &lt;strong&gt;disposable workspaces&lt;/strong&gt;, &lt;strong&gt;least-privilege credentials&lt;/strong&gt;, package and network controls, and &lt;strong&gt;approval checkpoints&lt;/strong&gt; before anything sensitive happens.&lt;/p&gt;
&lt;p&gt;This guide shows how to set up those controls in real developer workflows so an agent can still edit code and run tests without inheriting access to your laptop, cloud admin account, or production systems. The goal is not to make agents useless; it is to make mistakes cheap and reversible.&lt;/p&gt;</description></item></channel></rss>