Token Expiry - CI/CD Glossary Definition
Token expiry is the time after which a credential stops being valid and must be rotated or reissued.
Token expiry is the lifetime after which a token is rejected. Short expiries limit the window an attacker can use a leaked credential; fine-grained PATs and installation tokens require or enforce expirations.
Rotation
Static long-lived tokens must be rotated on a schedule and re-added to secrets. Ephemeral credentials from OIDC sidestep rotation entirely because each run mints a fresh, short-lived token.
Related guides
Ephemeral Credential - CI/CD Glossary DefinitionEphemeral Credential: An ephemeral credential is a token or key issued just-in-time for one CI run and expiri…
Token Scope - CI/CD Glossary DefinitionToken Scope: A token scope is a permission attached to a credential that bounds what it can do, such as `repo…
Installation Token - CI/CD Glossary DefinitionInstallation Token: An installation access token is a token a GitHub App mints for a specific installation. I…