Skip to content
Latchkey

Ephemeral Credential - CI/CD Glossary Definition

An ephemeral credential is a short-lived secret minted on demand for a single job and discarded afterward.

An ephemeral credential is a token or key issued just-in-time for one CI run and expiring quickly, so nothing long-lived is stored. OIDC-based cloud auth and GitHub App installation tokens are common sources.

Why they are safer

Because the credential is gone (or expired) by the time a log is inspected or an artifact is exfiltrated, ephemeral credentials remove the standing-secret leak risk that static keys carry.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →