What Is the Principle of Least Privilege?
The principle of least privilege holds that any user, process, or credential should be granted only the permissions strictly necessary for its task, and no more. In CI/CD this means scoping tokens to specific repositories, environments, and actions rather than handing out broad admin access. It limits the damage any single compromise can cause.
Why it matters
Over-privileged CI tokens turn a small leak into a full compromise. Scoping each job to the narrowest possible permission set, ideally with short-lived OIDC credentials, shrinks the blast radius of any mistake or attack.
Related concepts
- Blast radius shrinks as privileges narrow
- GitHub Actions permissions block scopes the GITHUB_TOKEN
- OIDC federation enables per-job least privilege
Related guides
What Is Blast Radius?Blast radius is the scope of damage a single failure, change, or compromise can cause across systems, users,…
What Is OIDC Federation in CI/CD?OIDC federation lets a CI job exchange a short-lived identity token for cloud credentials, removing the need…
What Are Environment Protection Rules?Environment protection rules gate deployments to an environment behind required approvals, wait timers, or br…