Skip to content
Latchkey

Token Expiry - CI/CD Glossary Definition

Token expiry is the time after which a credential stops being valid and must be rotated or reissued.

Token expiry is the lifetime after which a token is rejected. Short expiries limit the window an attacker can use a leaked credential; fine-grained PATs and installation tokens require or enforce expirations.

Rotation

Static long-lived tokens must be rotated on a schedule and re-added to secrets. Ephemeral credentials from OIDC sidestep rotation entirely because each run mints a fresh, short-lived token.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →