You don't want long-lived keys
3 days ago
- #ephemeral-keys
- #key-management
- #security
- Long-lived keys accumulate risk for as long as they exist: every copy made, every script they are pasted into, and every person who has seen them adds exposure that never decays. The mitigations are to narrow the key's scope or to rotate it.
- Ephemeral keys (valid for a day or less) make rotation largely a non-issue, since the credential expires on its own, and are one of the highest-value security engineering investments.
- Replacing long-lived SSH keys with temporary credentials (e.g., EC2 Instance Connect, which pushes a one-off public key to the instance for a short window) removes the durable private key that can be copied without authorization or hardcoded into scripts.
- Using trusted publishers for package releases (e.g., OIDC-based trusted publishing from a GitHub Actions workflow) eliminates the static API tokens that can be leaked, misused, or simply forgotten in a repository secret.
- SSO replaces per-application user passwords with short-lived assertions issued by an identity provider (IdP), shrinking the attack surface: there is no per-app password to guess.
- Not every long-lived key can be eliminated, but reducing their number lets the security effort be concentrated on a smaller, more manageable set of hardened infrastructure.
- Consolidating key management in a specialized group reduces toil, ensures the work is done rigorously, and prevents keys from being overlooked when responsibility is spread across many teams.
- For the long-lived keys that remain: limit their scope, set a maximum lifetime derived from an explicit security model (what the key protects and what a compromise would cost) rather than a default, and rotate them roughly quarterly so that the rotation procedure stays exercised and an emergency rotation is routine rather than a scramble.
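The two bullets about ephemeral keys and SSO assertions share one mechanism: a credential that carries its own expiry and a signature, so a stolen copy stops working on its own. The following is an added example written for this page, not code from the article or from any IdP; it models a minimal HS256-style, JWT-like assertion with a single shared HMAC secret and a caller-supplied clock (both illustrative assumptions) so that issuance, verification, tampering, and expiry can be exercised deterministically. A real IdP would sign with an asymmetric key and you would use a maintained library such as PyJWT rather than this hand-rolled version.

```python
"""Added example (not from the article): a minimal short-lived, signed
assertion, to show why a credential that expires in minutes is worth far
less to an attacker than a password or key that never does.

Assumptions (illustrative only): HS256-style HMAC signing with a single
shared secret, a JWT-like header/payload layout, and an injectable clock.
"""
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import time


def _b64(data: bytes) -> str:
    """base64url without padding, as JWTs use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    """Inverse of _b64; re-adds the padding the encoder stripped."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue(secret: bytes, subject: str, ttl_seconds: int = 600, now: int | None = None) -> str:
    """Mint an assertion for `subject` that is valid for `ttl_seconds`."""
    now = int(time.time()) if now is None else now
    compact = {"separators": (",", ":")}
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, **compact).encode())
    payload = _b64(json.dumps({"sub": subject, "iat": now, "exp": now + ttl_seconds}, **compact).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"


def verify(secret: bytes, token: str, now: int | None = None) -> dict | None:
    """Return the payload if the signature is valid and the token is unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        # Check the signature first, before trusting anything inside the token.
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig_b64)):
            return None
        header = json.loads(_unb64(header_b64))
        if header.get("alg") != "HS256":  # never honour "none" or an unexpected algorithm
            return None
        payload = json.loads(_unb64(payload_b64))
    except ValueError:  # malformed base64 or JSON (binascii.Error and JSONDecodeError are ValueErrors)
        return None
    # Expiry is what makes the credential ephemeral: a leaked copy dies on its own.
    if not isinstance(payload.get("exp"), int) or now >= payload["exp"]:
        return None
    return payload


def demo() -> dict[str, bool]:
    """Exercise the three outcomes a practitioner cares about."""
    secret = b"demo-signing-secret"  # placeholder for the example; never hardcode a real secret
    t0 = 1_700_000_000             # fixed clock so the demo is deterministic
    token = issue(secret, "alice", ttl_seconds=600, now=t0)
    return {
        "fresh": verify(secret, token, now=t0 + 60) is not None,
        "stolen_an_hour_later": verify(secret, token, now=t0 + 3600) is not None,
        "tampered": verify(secret, token[:-3] + "AAA", now=t0 + 60) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the `now` parameter is the last two lines of `demo()`: the same token that works at `t0 + 60` is useless at `t0 + 3600`, which is the whole value proposition of the ephemeral credentials the page recommends. Contrast a password or static API token, where the only thing that invalidates a stolen copy is someone noticing and rotating it.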
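For the keys that stay long-lived, the last bullet is a policy, and a policy is only real if something checks it. The block below is an added example for this page, not the article's code: a small audit over a credential inventory that applies the three rules (limit scope, enforce a maximum lifetime, rotate about quarterly) and skips anything ephemeral. The inventory format, the 24-hour ephemeral cutoff, the 90-day rotation period, and the sample records are all constructed for illustration; in practice the inventory would be pulled from your secret store or cloud IAM.

```python
"""Added example (not from the article): audit a credential inventory
against the page's policy for remaining long-lived keys.

Assumptions (illustrative only): each record is a dict with the keys
id, validity, created, last_rotated, max_lifetime and scope; ephemeral
means valid for 24h or less; rotation is expected every 90 days.
"""
from __future__ import annotations

from datetime import date, timedelta

EPHEMERAL_MAX = timedelta(hours=24)    # page: "valid for a day or less"
ROTATION_PERIOD = timedelta(days=90)   # page: "aim for quarterly rotations"


def audit(inventory: list[dict], today: date) -> dict[str, list[str]]:
    """Return findings keyed by credential id; an empty list means compliant."""
    findings: dict[str, list[str]] = {}
    for cred in inventory:
        issues: list[str] = []
        if cred["validity"] <= EPHEMERAL_MAX:
            # Ephemeral: it expires on its own, so there is nothing to rotate.
            findings[cred["id"]] = issues
            continue
        age = today - cred["created"]
        if age > cred["max_lifetime"]:
            issues.append(f"exceeds max lifetime by {(age - cred['max_lifetime']).days} days")
        since_rotation = today - cred["last_rotated"]
        if since_rotation > ROTATION_PERIOD:
            issues.append(f"rotation overdue by {(since_rotation - ROTATION_PERIOD).days} days")
        if "*" in cred["scope"]:
            issues.append("wildcard scope; narrow to the resources actually needed")
        findings[cred["id"]] = issues
    return findings


def sample_inventory() -> list[dict]:
    """Constructed records for the demo; not real credentials."""
    return [
        {   # a CI token that nobody has touched since it was created
            "id": "ci-deploy-token", "validity": timedelta(days=365),
            "created": date(2024, 1, 10), "last_rotated": date(2024, 1, 10),
            "max_lifetime": timedelta(days=180), "scope": ["repo:acme/app:write"],
        },
        {   # an SSO session assertion: ephemeral, nothing to audit
            "id": "oidc-session", "validity": timedelta(hours=1),
            "created": date(2024, 10, 1), "last_rotated": date(2024, 10, 1),
            "max_lifetime": timedelta(hours=1), "scope": ["api:read"],
        },
        {   # recently rotated, but granted everything
            "id": "break-glass-admin", "validity": timedelta(days=365),
            "created": date(2024, 8, 1), "last_rotated": date(2024, 8, 1),
            "max_lifetime": timedelta(days=365), "scope": ["*"],
        },
    ]


def run() -> dict[str, list[str]]:
    """Audit the sample inventory as of a fixed date so the output is deterministic."""
    return audit(sample_inventory(), today=date(2024, 10, 1))


if __name__ == "__main__":
    for cred_id, issues in run().items():
        print(cred_id, "OK" if not issues else "; ".join(issues))
```

The useful property is that the ephemeral record produces no work at all: the more credentials you move into that bucket, the shorter the audit output, which is the concrete form of the page's claim that fewer long-lived keys concentrate the effort where it matters.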