What Is a Short-Lived Token?
A short-lived token is an authentication token deliberately given a short validity window, sometimes only a few minutes. When it expires the client must obtain a new one, so any leaked copy quickly becomes useless. It contrasts with static, long-lived keys that stay valid until manually revoked.
Why it matters
Reducing a token lifetime narrows the window during which a stolen value works. It is a key reason federated, on-demand credential issuance is preferred over stored long-term keys.
Related guides
What Is an Ephemeral Build Credential?An ephemeral build credential is a temporary secret issued only for a single build, expiring shortly after so…
What Is a Token Exchange Flow?A token exchange flow is trading one trusted token for another, letting a pipeline swap its identity token fo…
What Is a Federated Identity Config?A federated identity config lets a cloud trust tokens issued by an external provider, so a pipeline can authe…