Skip to content
Latchkey

What Is the Principle of Least Privilege?

The principle of least privilege holds that any user, process, or credential should be granted only the permissions strictly necessary for its task, and no more. In CI/CD this means scoping tokens to specific repositories, environments, and actions rather than handing out broad admin access. It limits the damage any single compromise can cause.

Why it matters

Over-privileged CI tokens turn a small leak into a full compromise. Scoping each job to the narrowest possible permission set, ideally with short-lived OIDC credentials, shrinks the blast radius of any mistake or attack.

Related concepts

  • Blast radius shrinks as privileges narrow
  • GitHub Actions permissions block scopes the GITHUB_TOKEN
  • OIDC federation enables per-job least privilege

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →