Non-human identity: what it means for your blast radius (on BigQuery)

A tightly scoped blast radius means a compromised service account cannot cascade into a data breach across your BigQuery environment. When every automated job, CI pipeline, or AI‑driven process authenticates with its own identity, you can instantly revoke that single credential and stop the spread of damage. The result is clear: fewer tables exposed, shorter incident response windows, and compliance evidence that shows exactly which non‑human principal performed each query.

In practice, many organizations still treat service accounts like shared passwords. A handful of long‑lived keys are checked into code repositories, copied between teams, or stored in undocumented vaults. When a developer needs temporary access to a new dataset, the usual shortcut is to grant the existing service account broader permissions instead of creating a dedicated identity. The same pattern repeats for CI runners, data‑pipeline jobs, and even experimental AI agents. The consequence is a massive, undifferentiated blast radius: a single leaked token can read, modify, or delete any table the account can reach, and the audit trail often shows only the generic service account name, not the originating process.

Why non‑human identities matter for blast radius

Non‑human identities, service accounts, machine users, and AI agents, are fundamentally different from human users. They do not have a natural “off‑button” like a user can log out or have a manager revoke their access. Instead, they live as static credentials that are copied, rotated infrequently, and used by many automated systems. Because they are long‑lived, any compromise instantly widens the blast radius. Moreover, most logging systems only capture the service account name, making it impossible to attribute a malicious query to the exact job that issued it.

Best practice therefore calls for each automation component to have a dedicated identity with the minimum set of permissions required for its task. This approach, often called “principle of least privilege for machines,” reduces the attack surface and makes revocation precise. However, simply creating many identities is not enough. You still need a control point that can enforce policies, record activity, and optionally mask sensitive results before they reach the caller.

Where the control gap appears

When a non‑human principal connects directly to BigQuery, the connection terminates at the Google API endpoint. The request travels over TLS, the service authenticates the token, and the query runs. At this point, the only enforcement that has occurred is the IAM policy attached to the service account. There is no inline guardrail that can:

• Inspect the SQL before execution and block dangerous patterns (e.g., DROP TABLE).
• Require a human approver for queries that touch sensitive columns.
• Mask personally identifiable information in the response for downstream processing.
• Record a replayable session that ties the exact query text to the originating identity.

Those capabilities live in the data path, not in the IAM configuration. Without a gateway sitting between the caller and BigQuery, the blast radius remains broad and unobservable.

Putting an identity‑aware gateway in the data path

hoop.dev fulfills the missing data‑path layer. It acts as a Layer 7 proxy that terminates the client connection, validates the non‑human token against your OIDC provider, and then forwards the request to BigQuery using its own short‑lived credential. Because the gateway is the only point where traffic passes, it can enforce the guardrails listed above.

When a CI job or AI agent initiates a query, hoop.dev records the full session, applies inline masking to any columns marked as sensitive, and can trigger a just‑in‑time approval workflow for high‑risk statements. If the query matches a blocked pattern, hoop.dev stops the request before it reaches BigQuery, effectively shrinking the blast radius to zero for that operation. All of this happens without the automation code needing to change; the job simply points its client at the hoop.dev endpoint instead of the raw BigQuery endpoint.

The gateway also decouples credential management from the automation process. The service account used by the job never sees the underlying Google credentials; hoop.dev holds them securely and rotates them automatically. If a credential is ever suspected of compromise, you revoke the service account in your identity provider and hoop.dev immediately stops forwarding traffic for that identity.

Because hoop.dev is open source, you can inspect the code, extend the policy engine, and host the gateway inside your own VPC. The project’s getting‑started guide walks you through deploying the gateway with Docker Compose or Kubernetes, wiring it to your OIDC provider, and registering a BigQuery connection. Detailed feature documentation explains how to configure masking rules, approval policies, and session replay.

Practical steps to reduce blast radius with non‑human identities

1. Audit existing service accounts. Identify every non‑human principal that currently accesses BigQuery and catalog the permissions it holds.
2. Create dedicated identities. For each automation workflow, generate a unique OIDC‑backed service account with only the scopes needed for that job.
3. Deploy hoop.dev as the gateway. Follow the getting‑started guide to place the gateway in the same network segment as your BigQuery endpoint.
4. Define guardrails. Use the learn section to set up SQL pattern blocks, column‑level masking, and just‑in‑time approval for queries that touch regulated data.
5. Enable session recording. Configure hoop.dev to store replayable logs that tie each query to the originating non‑human identity.
6. Test and iterate. Run a subset of jobs through the gateway, verify that legitimate queries succeed, and that blocked patterns are rejected.

After these steps, the effective blast radius of any compromised non‑human credential is limited to the specific dataset and query type that the identity is allowed to run. If a token is leaked, you can revoke the identity at the OIDC level and the gateway immediately stops forwarding traffic, preventing lateral movement.

FAQ

Q: Do I need to change my existing CI pipelines?
A: No. The only change is the endpoint URL. Your CI job continues to use the same client libraries (psql, bq, etc.) but points them at the hoop.dev proxy.

Q: Will masking affect downstream analytics?
A: Masking is applied only to columns you mark as sensitive. The raw data remains unchanged in BigQuery; only the response sent to the caller is altered.

Q: How does hoop.dev store session logs?
A: The gateway writes replayable logs to a storage backend you configure. The logs include the full SQL statement, the identity that issued it, and timestamps, providing the evidence needed to prove a reduced blast radius.

Ready to try it yourself? Visit the hoop.dev GitHub repository for installation instructions and contribution guidelines.

By treating every automation component as a first‑class citizen with its own identity and by inserting an identity‑aware gateway into the data path, you turn a vague, organization‑wide blast radius into a measurable, controllable surface. hoop.dev makes that architectural shift practical and auditable without forcing you to rewrite existing automation code.