Aembit Extends Secretless CI/CD with Credential Lifecycle Management for GitLab
Silver Spring, USA / Maryland, 26th August 2025, CyberNewsWire
Aembit, the workload identity and access management (IAM) company, today announced new capabilities for GitLab designed to reduce the security risks of long-lived personal access tokens (PATs) and other secrets needed to automate software delivery, while making it easier to deploy and manage pipelines.
With the introduction of Credential Lifecycle Management and the availability of Aembit Edge as a native GitLab integration, Aembit replaces static credentials with short-lived, policy-controlled access that is created only when required and revoked automatically. This reduces the risk of misuse while giving development teams a simpler, more reliable way to work inside GitLab.
GitLab is one of the most widely used platforms for building and deploying software, enabling the automation that moves code from development into production. Its popularity has also made it a frequent target: long-lived credentials and unmanaged service accounts have been exposed in several high-profile breaches, including incidents at Pearson and the Internet Archive, leading to stolen data and costly downtime.
Aembit Credential Lifecycle Management addresses these risks directly. Instead of PATs that linger for months or years, Aembit issues short-lived credentials only when a pipeline job requires them, then automatically expires them. Access is tied to cryptographically verifiable workload identity and multifactor authentication (MFA) checks and controlled by a policy enforced at runtime, giving organizations both stronger protection and clear audit records of which workloads accessed which resources and when. Meanwhile, related service accounts are created and removed on demand, ensuring that no unused accounts remain active.
Aembit is now listed in the GitLab CI/CD Component Catalog. This makes Aembit directly available inside GitLab, allowing teams to add it to their pipelines without extra configuration or manual setup. This native integration simplifies the process of connecting pipelines to databases, APIs, and cloud services, reducing reliance on embedded secrets and manual credential handling.
“Developers want to move quickly without worrying about where a credential is stored or whether it needs to be rotated,” said Kevin Sapp, co-founder and CTO of Aembit. “Security teams, on the other hand, want assurance that nothing is left exposed. What we’ve built for GitLab satisfies both needs at once: developers get seamless access in their pipelines, and security leaders get the confidence that access is temporary, accountable, and safe.”
Organizations, such as Snowflake, that have adopted the Aembit Workload IAM Platform report meaningful reductions in the time spent managing credentials and fewer disruptions following security incidents. Security teams value the ability to enforce least privilege automatically, while developers appreciate that tokens are provisioned and revoked transparently without additional coding or manual steps. By embedding these controls into GitLab, Aembit allows enterprises to strengthen security while maintaining the speed and consistency expected of modern software pipelines.
The scale of the issue is significant. Non-human identities already outnumber human ones by at least 45 to 1, and credential abuse remains a leading attack vector according to the 2025 Verizon Data Breach Investigations Report. The rise of agentic AI is adding even more autonomous workloads, increasing the demand for secure, short-term access controls. At the same time, engineering teams lose hours each week to manual credential rotation, a process that cannot keep pace with sprawling pipelines and multicloud environments.
Both GitLab Credential Lifecycle Management and the Aembit Edge component are available immediately. Customers can begin with the Aembit Starter Tier and expand into enterprise-grade policy enforcement, conditional access, and reporting as requirements mature.
About Aembit
Aembit is the leading provider of workload identity and access management solutions, designed to secure non-human identities like AI agents, applications, and service accounts across on-premises, SaaS, cloud, and partner environments. Aembit’s no-code platform enables organizations to enforce access policies in real time, ensuring the security and integrity of critical infrastructure. Users can visit aembit.io and follow the company on LinkedIn.
Contact
CMO
Apurva Dave
Aembit
[email protected]