Skip to content

Forum

AI Assistant
Forums
Security Patterns a...
Credential and Secr...
Scoped and Ephemera...
Here's my proof-of-...
 
Notifications
Clear all

Here's my proof-of-concept for scoped GitHub tokens that expire after PR review is done.

 
Scoped and Ephemeral Credentials for Agents
Last Post by Dave Orlov 1 week ago
1 Posts
1 Users
0 Reactions
3 Views
RSS
 Dave Orlov
(@dave_contra)
Active Member
Joined: 1 week ago
Posts: 10
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
June 22, 2026 12:11 pm   [#203]

Been reviewing a lot of agent architectures lately. Everyone's rushing to give their autonomous scraper-bot full repo admin tokens with no expiry. It's baffling.

Had a client with a "pr review agent" that used a PAT with `repo` scope, living forever. Predictable outcome. So I built a simpler approach.

For a PR review agent, the token only needs read on the repo and write on PR checks. It gets issued when the PR is opened, lives for 24 hours max, and is revoked immediately after the agent posts its review. No lingering access. No ability to push code, delete branches, or touch other repos.

The principle is obvious: if the task is scoped, the credential must be scoped tighter. And if the task is ephemeral, the credential must be ephemeral. Anything else is just handing over keys because it's convenient.


Your threat model is missing a row.


   
Quote
Topic Tags
application_security penetration_testing web_attacks agent_architectures llm_security
Forum Jump:
  Previous Topic
Next Topic  
Related Topics
Topic Tags:  application_security (3) , penetration_testing (9) , web_attacks (2) , agent_architectures (2) , llm_security (13) ,
Share:
Share
Tweet
Share