Skip to content
Sentyn
Platform
Sentyn console · acme-prod
Owner coverage89.1%
Open findings174
Connectors4 active
IdentitySourceOwnerRisk
prod-ci-deployerAWS IAMunknowncritical
gha-release-tokenGitHubassignedhigh
lambda-audit-roleAWS IAMconfirmedmedium
evidence: redactedblast_radius: computedsync: read-only
Control plane

Tenant isolation, encrypted credentials, redaction pipeline, read-only connectors, append-only audit.

Learn more
Platform
Pillars
Pillars overview
Machine identity security
Discovery and inventory
Governance and proof
Integrations
Connectors
AWS IAM
GitHub
Azure Entra
Kubernetes
Start
Guided review
Demo walkthrough
Validate sync
Owner queue
Export audit
Book walkthrough
The checklist we use before design-partner demos.
Product
Sentyn console · acme-prod
Owner coverage89.1%
Open findings174
Connectors4 active
IdentitySourceOwnerRisk
prod-ci-deployerAWS IAMunknowncritical
gha-release-tokenGitHubassignedhigh
lambda-audit-roleAWS IAMconfirmedmedium
evidence: redactedblast_radius: computedsync: read-only
Product console

Inventory, ownership, findings, graph, remediation preview, reports, and audit in one evidence model.

Learn more
Capabilities
Console
Overview
Inventory
Ownership
Findings
Access reviews
Capabilities
Workflow
Discover
Assign owner
Triage finding
Preview fix
Export proof
Services
Assessments
Cloud assessment
Infra and CI/CD review
AI agent review
Audit evidence package
Talk to us
Scoped session on your cloud and GitHub footprint.
Use cases
Teams
Cloud security
Privileged review
Multi-account visibility
Blast radius
Teams
Identity
Unknown owner cleanup
Owner conflicts
Attestation
Teams
Audit / GRC
Board prep
Compliance evidence
Connector review
Lifecycle
Five-step loop
Discover
Assign
Prioritize
Preview
Prove
Book a walkthrough
See unknown owners in your first session.
Knowledge
Learn
Knowledge center
Resources
Documentation
Use cases
Docs
Documentation
Security model
Connectors
Deployment
Trust packs
Company
About
Principles
What we are not
Enterprise teams
Contact
Contact
Get started
Book demo
Security review
Assessment inquiry
Book a walkthrough
30 minutes to your first evidence-backed finding.
Contact
Book a walkthrough
Sentyn

Evidence before alerts. Machine identity security for teams that need names, owners, and audit proof.

Book a walkthrough

Product

OverviewConsole tourPlatformPricing

Services

Cloud assessmentInfra reviewAI agentsAudit package

Use cases

Cloud securityIdentityAudit / GRCLifecycle

Knowledge

ResourcesDocumentationSecurity modelAboutContact
© 2026 Sentyn. All rights reserved.
SecurityPricingsentyn.io
← Knowledge center

Checklist

Machine identity security review checklist

Six-phase evaluation path from scope through audit export. The same checklist Sentyn uses in enterprise evaluations.

Research narrative by Het Mehta, Research and product narrative. Sources are public competitor reports, vendor documentation, and official incident disclosures.

Structured path for security, identity, and platform teams evaluating Sentyn or any NHI program. Stop immediately if a raw secret appears in UI, exports, or logs.

  1. 01 · Scope

    • List AWS accounts, GitHub orgs, and Kubernetes clusters in scope for read-only discovery
    • Confirm audit timeline and required evidence format (SOC2, ISO, customer questionnaire)
    • Identify current owner coverage metric baseline, even if it is a spreadsheet today
  2. 02 · Connect

    • Review connector permission manifests before any credential is accepted
    • Validate read-only API calls against least-privilege documentation
    • Confirm credentials are envelope-encrypted and never echoed after write
  3. 03 · Discover

    • Run first sync and verify inventory count matches expectations within an order of magnitude
    • Spot-check ten identities for external ID, connector source, and owner status field
    • Confirm no raw secret values in database, API responses, or browser network tab
  4. 04 · Govern

    • Triage unknown owner queue and assign at least one identity with evidence
    • Verify conflicting owner signals remain visible, not silently merged
    • Check owner coverage percentage updates on dashboard after assignment
  5. 05 · Respond

    • Open one critical finding with blast radius evidence panel
    • Walk findings state machine: new, triaged, acknowledged, or suppressed with reason
    • Preview remediation scope without provider write execution
  6. 06 · Prove

    • Export inventory, findings, and append-only audit sample in same session
    • Confirm exports contain fingerprints and metadata only, never plaintext secrets
    • Document fail criteria if cross-tenant data appears in negative tests

Run the checklist on your footprint

Read-only connect, owner queue, one finding with evidence, audit export sample.

Book a walkthrough