A just-in-time credential is a short-lived secret issued only when a specific action needs access. Instead of storing a password or token for long periods, a system requests a temporary credential from a vault or identity service, uses it for one task, and lets it expire quickly. The access is usually scoped to a single job, API call, or session.
This model matters because it reduces the time attackers have to steal and reuse credentials. For defenders, it limits the blast radius if logs, prompts, source code, or a temporary work area are exposed. It is useful for service accounts, automation, and AI coding agents that need to perform a task but should not retain durable secrets. Attackers often try to capture long-lived tokens from memory, repositories, or workflow output; just-in-time delivery makes those secrets harder to reuse and easier to revoke or audit.
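The issue, use and expire cycle described above, as an added example that is not from the original page: a hypothetical in-memory broker (`JITBroker` and its method names are illustrative, standing in for a vault or identity service) mints an HMAC-signed credential bound to one scope and a short TTL, then refuses it once it is expired, revoked, tampered with, or presented for a different scope. Every decision is appended to an audit list.

```python
import base64, hashlib, hmac, json, secrets, time

class JITBroker:
    """Hypothetical in-memory stand-in for a vault or identity service."""
    def __init__(self, clock=time.time):
        self._key = secrets.token_bytes(32)  # signing key stays inside the broker
        self._clock = clock                  # injectable so expiry can be exercised
        self._revoked = set()                # credential ids revoked before expiry
        self.audit = []                      # (event, credential id, scope) records

    def _sign(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def _claims(self, token):
        """Return the claims if the signature verifies, else None."""
        body, _, sig = token.partition(".")
        if not hmac.compare_digest(sig.encode(), self._sign(body).encode()):
            return None
        return json.loads(base64.urlsafe_b64decode(body))

    def issue(self, subject, scope, ttl=60):
        """Mint a credential for one subject and one scope, valid for ttl seconds."""
        claims = {"jti": secrets.token_hex(8), "sub": subject,
                  "scope": scope, "exp": self._clock() + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        self.audit.append(("issue", claims["jti"], scope))
        return body + "." + self._sign(body)

    def revoke(self, token):
        claims = self._claims(token)
        if claims is not None:
            self._revoked.add(claims["jti"])
            self.audit.append(("revoke", claims["jti"], claims["scope"]))

    def check(self, token, scope):
        """Decide whether the credential may be used for the requested scope."""
        claims = self._claims(token)
        if claims is None:
            return "bad-signature"
        if claims["jti"] in self._revoked:
            result = "revoked"
        elif self._clock() >= claims["exp"]:
            result = "expired"
        elif claims["scope"] != scope:
            result = "wrong-scope"
        else:
            result = "ok"
        self.audit.append((result, claims["jti"], scope))
        return result
```

A token copied out of a log or workflow output after its TTL has passed returns `expired`, and the audit list records both the issuance and each later attempt to use it.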



