CONCEPT Cited by 1 source
Credential rotation
Definition
The practice of invalidating existing credentials (API keys, tokens, secrets, certificates) and issuing new ones — either as a routine hygiene measure or as an emergency containment action during an incident. In production incidents, the critical challenge is completeness: ensuring every exposed credential is identified and rotated before an attacker can use it.
Rotation vs. inventorying
The Grafana TanStack incident (2026) demonstrates that the mechanics of rotation (revoke + re-issue) are straightforward — the hard problem is credential inventory: knowing which credentials were accessible from the compromised context. Grafana rotated immediately on Day 0 but missed one credential, which was exploited 5 days later for full repository exfiltration (Source: sources/2026-06-24-grafana-post-incident-review-tanstack-npm-supply-chain-ransom).
Structural solutions
Rather than relying on perfect inventory during an incident:
- Short-lived credentials — tokens that expire in minutes/hours, limiting the window of exploitation (patterns/short-lived-oidc-credentials-in-ci)
- Token brokers — centralized vending with per-operation scope, eliminating static secrets at rest (patterns/token-broker-for-ci-credentials)
- Automated rotation — periodic rotation as hygiene reduces the maximum exposure window
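The inventory problem from the Grafana section and the short-lived-credential mitigation above, modelled as an added example (not code from the source or from Grafana): given a constructed credential inventory with reachability per execution context, the functions compute which credentials an attacker in a compromised context could read, which of those are still usable days later (the rotation gaps), and how long each stolen copy stays valid. All credential names, contexts and times are assumptions made up for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Credential:
    name: str
    reachable_from: frozenset                 # execution contexts that can read this secret
    issued_at: datetime
    ttl: Optional[timedelta] = None           # None = static secret, never expires on its own
    rotated_at: Optional[datetime] = None     # when it was revoked and re-issued, if ever

    def valid_at(self, t: datetime) -> bool:
        """True if the credential as originally issued still works at time t."""
        if t < self.issued_at:
            return False
        if self.rotated_at is not None and t >= self.rotated_at:
            return False
        if self.ttl is not None and t >= self.issued_at + self.ttl:
            return False
        return True


def exposed(inventory, context, compromise_time):
    """Everything an attacker running in `context` could have read at compromise time."""
    return [c for c in inventory if context in c.reachable_from and c.valid_at(compromise_time)]


def residual_exposure(inventory, context, compromise_time, check_time):
    """Exposed credentials that still work at check_time: the incomplete-rotation gaps."""
    return [c for c in exposed(inventory, context, compromise_time) if c.valid_at(check_time)]


def exposure_window(cred, compromise_time):
    """How long a stolen copy stays usable; None means unbounded (static and never rotated)."""
    ends = [t for t in (cred.rotated_at, (cred.issued_at + cred.ttl) if cred.ttl else None) if t]
    return max(min(ends) - compromise_time, timedelta(0)) if ends else None


DAY0 = datetime(2026, 1, 1, 12, 0)  # constructed compromise time of the "ci-release" context
INVENTORY = [  # constructed inventory; names and reachability are illustrative only
    Credential("NPM_PUBLISH_TOKEN", frozenset({"ci-release"}), DAY0 - timedelta(days=90),
               rotated_at=DAY0 + timedelta(hours=2)),            # rotated on Day 0
    Credential("OIDC_DEPLOY_TOKEN", frozenset({"ci-release"}), DAY0 - timedelta(minutes=10),
               ttl=timedelta(minutes=15)),                       # short-lived, self-expiring
    Credential("REPO_CLONE_PAT", frozenset({"ci-release", "ci-test"}), DAY0 - timedelta(days=200)),
    Credential("DB_PASSWORD", frozenset({"prod-app"}), DAY0 - timedelta(days=30)),
]


def rotation_gaps(check_time=DAY0 + timedelta(days=5)):
    """Names of credentials still usable from the compromised context at check_time."""
    return [c.name for c in residual_exposure(INVENTORY, "ci-release", DAY0, check_time)]
```

Running `rotation_gaps()` reports the static PAT that was reachable from the compromised context but never rotated, while the rotated token and the self-expiring OIDC token drop out of the residual set.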
Seen in
- sources/2026-06-24-grafana-post-incident-review-tanstack-npm-supply-chain-ransom — incomplete rotation leading to 5-day residual exposure