An organization is adopting ephemeral credentials for inter-container communication. During testing, the security team discovers older credentials continue to function beyond their permitted time. Which measure ensures that outdated credentials are invalidated once their usage timeframe is exceeded?
Maintain a shared revocation list that marks them unusable after their allotted period
Place them into environment variables during each start of a service
Increase the validity period to decrease recurring expiration issues
Count on standard session termination to remove them completely
A centralized method that tracks each credential and marks it unusable after the designated time prevents unintended reuse across systems. Extending the expiration period does not address the risk of old credentials still being recognized. Relying on a local restart or an operating system setting does not systematically invalidate credentials in all environments, which leaves them vulnerable to misuse.