Skip to content
Latchkey

Short-Lived Credentials - CI/CD Glossary Definition

Short-lived credentials shrink the blast radius of a leak by expiring almost as fast as they are issued.

Short-lived credentials are access tokens that expire minutes after issue, so a leaked token is useless soon after a job ends.

CI pipelines fetch these tokens at runtime (often via OIDC) rather than storing a permanent key, which removes the standing secret an attacker could exfiltrate.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →