Short-lived credentials are temporary access tokens, session keys, or cloud/API tokens that expire quickly and usually carry limited scope. Unlike long-lived passwords or static API keys, they are designed to be useful only for a narrow window of time and for a specific task.
They matter in cyber security because stolen authentication material has less value when it expires soon or can be revoked centrally. Attackers often look for publish tokens, CI secrets, and cloud access keys; if those secrets are short-lived, the window for abuse is much smaller. Defenders combine short-lived credentials with least privilege, automatic rotation, and just-in-time access to reduce blast radius. In software supply-chain attacks, short-lived credentials can limit the damage if a maintainer account, build job, or developer workstation is compromised.
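The three properties described above (quick expiry, limited scope, central revocation) can be seen in one small issuer/verifier. This is an added example, not code from the original page; the HMAC-signed token format, the function names, the `ci-job-42` subject and the `package:publish` / `cloud:admin` scope names are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = secrets.token_bytes(32)  # assumption: held only by the issuing service
REVOKED_IDS = set()                    # assumption: central revocation list, keyed by token id

def _sign(body: str) -> str:
    mac = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue(subject, scopes, ttl=300, now=None):
    """Mint a token for `subject`, limited to `scopes`, valid for `ttl` seconds."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "scope": sorted(scopes),
              "exp": now + ttl, "jti": secrets.token_hex(8)}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{body}.{_sign(body)}"

def _verified_claims(token):
    """Return the claims only if the signature is valid, else None."""
    body, sep, sig = token.partition(".")
    if not sep or not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def check(token, needed_scope, now=None):
    """Decide whether `token` may perform `needed_scope` right now."""
    now = time.time() if now is None else now
    claims = _verified_claims(token)
    if claims is None:
        return False, "bad signature"
    if claims["jti"] in REVOKED_IDS:
        return False, "revoked"          # killed centrally before natural expiry
    if now >= claims["exp"]:
        return False, "expired"          # a stolen copy is useless after this point
    if needed_scope not in claims["scope"]:
        return False, "out of scope"     # least privilege: one task only
    return True, "ok"

def revoke(token):
    """Central revocation: add a validly signed token's id to the deny list."""
    claims = _verified_claims(token)
    if claims is not None:
        REVOKED_IDS.add(claims["jti"])

if __name__ == "__main__":
    t0 = 1_000.0  # constructed clock value so the run is deterministic
    tok = issue("ci-job-42", {"package:publish"}, ttl=300, now=t0)
    for scope, when in [("package:publish", 60), ("cloud:admin", 60), ("package:publish", 301)]:
        print(scope, f"t+{when}s", check(tok, scope, now=t0 + when))
```
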



