Short-Lived Credentials - CI/CD Glossary Definition
Short-lived credentials shrink the blast radius of a leak by expiring almost as fast as they are issued.
Short-lived credentials are access tokens that expire minutes after issue, so a leaked token is useless soon after a job ends.
CI pipelines fetch these tokens at runtime (often via OIDC) rather than storing a permanent key, which removes the standing secret an attacker could exfiltrate.
Related guides
OIDC Federation (CI to Cloud) - CI/CD Glossary DefinitionOIDC Federation (CI to Cloud): OIDC federation lets a CI workflow present a signed identity token to a cloud…
Secretless CI - CI/CD Glossary DefinitionSecretless CI: Secretless CI is a pipeline design where no long-lived secrets are stored in the repository or…
Ephemeral Token - CI/CD Glossary DefinitionEphemeral Token: An ephemeral token is a credential valid for a single use or a very short window, such as a…