epistasis 21 days ago
AWS credentials are short-lived precisely so that leaking them has a time-limited blast radius. Automatic retrieval, instead of keeping them on disk, is what makes short-lived credentials possible.
Sohcahtoa82 21 days ago
I'm not convinced that time-limiting the blast radius matters. It just means that malicious use of the credentials has to be automated, and that's a pretty damn low bar.