Machine Identities in Embeddings, Explained

When a contractor leaves a company, the CI pipelines they built often keep running. Those pipelines still hold the service account token that was used to call the organization’s embedding API, and they continue to send raw documents for vectorization. The result is a steady stream of proprietary text flowing through an uncontrolled channel, invisible to anyone who now owns the data.

A machine identity is any non‑human principal, service accounts, CI tokens, or automated keys, that authenticates software to a backend. Unlike a human user, a machine identity rarely has a password rotation policy, and it is typically granted broad permissions so that developers can move fast.

Embeddings turn raw text into high‑dimensional vectors that power semantic search, recommendation, and downstream LLM prompts. When a model consumes those vectors, the original text is often no longer stored, but the raw input that generated the vector may contain personally identifiable information, trade secrets, or regulated data.

Why static machine identities are a liability for embeddings

Because a machine identity is issued once and lives indefinitely, an attacker who discovers the token can replay embedding requests forever. The token also bypasses any human‑in‑the‑loop review, so sensitive snippets can be vectorized and later reconstructed through similarity queries. In many organizations the token is hard‑coded into build scripts, meaning that even after a developer departs the credential remains active.

Beyond theft, static credentials make it impossible to know which piece of code generated a particular vector. Auditors cannot answer questions like “who sent this document to the embedding service on Tuesday?” without a dedicated logging layer, and the organization loses the ability to enforce data‑loss‑prevention policies on the fly.

Machine identity requirements for a secure data path

The first line of defense is to treat the embedding service as a protected resource and place a gate that every request must cross. That gate should:

Validate the machine identity against an identity provider at the moment of request.
Issue short‑lived, just‑in‑time credentials so that a token cannot be reused after the operation completes.
Record the full request and response metadata for later replay or audit.
Inspect the payload and mask any fields that match regulated patterns before they reach the embedding engine.
Require an explicit approval step for high‑risk inputs, such as documents containing health information or financial data.

Only a component that sits in the data path can guarantee that every call is subject to those controls. Identity verification alone, performed by an IdP, does not enforce masking or approval because the request flows directly to the embedding backend.

Continue reading? Get the full guide.

Just-in-Time Access + Machine Identity: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Introducing hoop.dev as the enforcement point

hoop.dev is a Layer 7 gateway that proxies connections to infrastructure, including HTTP‑based AI services that expose embedding endpoints. When a request arrives, hoop.dev validates the machine identity token, exchanges it for a short‑lived service credential, and then forwards the call to the embedding engine.

Because hoop.dev sits in the data path, it can apply the policies listed above. It records each embedding request, masks sensitive substrings in real time, and can pause the flow for a human approver when the payload matches a high‑risk pattern. The gateway also enforces just‑in‑time access, so the original static token never touches the backend.

How hoop.dev delivers the enforcement outcomes

hoop.dev records every session, creating an audit trail that shows which machine identity triggered which embedding operation. It masks fields that match configured regexes, ensuring that PII never reaches the vectorizer. When a request exceeds a risk threshold, hoop.dev blocks the call and surfaces an approval workflow to the responsible team. All of these outcomes exist only because hoop.dev is the sole point where traffic is inspected.

Adopting the gateway for your embedding service

Deploy the gateway close to the embedding endpoint, typically as a Docker Compose service for a quick start, or as a Kubernetes deployment for production. Connect the gateway to your organization’s OIDC provider so that it can verify machine identity tokens. Define masking rules and approval policies in the configuration UI, then let developers point their client libraries at the hoop.dev endpoint instead of the raw service URL.

The getting started guide walks you through the deployment steps, while the learn section explains how to craft masking and approval policies. Because hoop.dev is open source, you can audit the code yourself or contribute improvements.

FAQ

Does hoop.dev replace the identity provider?

No. hoop.dev consumes the identity token issued by your OIDC or SAML provider. It adds a policy enforcement layer on top of the existing authentication flow.

Can hoop.dev work with existing CI pipelines?

Yes. You simply change the endpoint that the pipeline calls to the hoop.dev proxy. The pipeline continues to use its existing service account token; hoop.dev validates it and then issues a short‑lived credential for the actual embedding request.

Is there any performance impact?

hoop.dev adds a lightweight inspection step. In most deployments the added latency is measured in milliseconds, which is negligible compared to the time spent generating embeddings.

Explore the source code and contribute on GitHub: hoop.dev repository.