Least-Privilege Token - CI/CD Glossary Definition
A least-privilege token carries only the scopes a job actually needs and nothing more.
A least-privilege token is a credential granted only the minimum scopes required for a task, so a compromise exposes as little as possible.
In CI, this means setting the workflow permissions: to the smallest set (often contents: read) and elevating only the specific jobs that push, deploy, or publish.
Related guides
GITHUB_TOKEN Permissions - CI/CD Glossary DefinitionGITHUB_TOKEN Permissions: GITHUB_TOKEN permissions are the `permissions:` scopes granted to the automatic tok…
Workload Identity - CI/CD Glossary DefinitionWorkload Identity: Workload identity is the practice of giving an automated workload (a CI job, service, or p…