Definition
Credentials with a very short lifetime (minutes), issued just-in-time and revoked after use. They replace long-lived secrets in non-human identity (NHI) and AI agent contexts and are a foundation of zero-trust workload patterns. They mitigate the impact of credential theft: stolen ephemeral credentials expire before exploitation.
- Synonyms
  - Short-lived Credentials
  - Just-in-Time Credentials
- Application
  - Regulatory: CNCF (SPIFFE / SPIRE specs) · NIST SP 800-63 (Digital Identity Guidelines) · OWASP NHI Top 10 (2025) / SAMM
- Standards & regulations
  - CNCF
  - NIST
  - OWASP
Related terms
- Ephemeral Identity
Workload or AI agent identity with very short lifetime — created on-demand for a specific task or session, destroyed whe …
- OIDC for Cloud (Workload OIDC)
Pattern using OIDC tokens issued by cloud platforms (AWS IRSA, Azure Workload Identity, GCP Workload Identity Federation …
- Continuous Authentication
Authentication paradigm verifying user identity continuously throughout a session, not just at login. Uses behavioral bi …
- Login
Common term for the user-facing authentication interaction — entering credentials at a sign-in form. Modern patterns: pa …
- Multi-factor Authentication (MFA)
Authentication requiring two or more independent factors from different categories: knowledge (password), possession (ph …
- Non-Human Identity (NHI)
Identities for service accounts, API keys, OAuth client secrets, machine certificates, workload identities (AWS IAM role …