An organization has replaced long-lived API keys with short-lifetime credentials so that each user session expires after only a few minutes. Which approach provides the most secure and reliable way to renew those credentials without weakening the session security controls?
Rely on encryption in transit for security without reacquiring credentials
Store credentials in environment variables across multiple hosts to allow reuse
Remove session expiration to simplify session management
Implement a rotating mechanism that requires updated credentials at scheduled intervals, secured through digital signatures
Rotating credentials at regular intervals and securing them with digital signatures forces clients to obtain a fresh, verifiable credential before continuing. Storing credentials in environment variables can enable unintended reuse, removing session expiration leaves tokens valid indefinitely, and relying solely on encryption in transit protects data exchange but does not confirm that a token is still valid.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why do short-lifetime credentials improve security?
Open an interactive chat with Bash
How do digital signatures secure credentials?
Open an interactive chat with Bash
What are the risks of storing credentials in environment variables?