|
|
|
|
|
|
by FujiApple
1446 days ago
|
|
|
Yes, but credentials should either be long lived with (very) limited scope _or_ short lived with required scope. For example, for AWS you can create long lived credentials for users which are scoped to only allow one operation, namely obtaining a short lived token (with the aid of a hardware token such as a Yubikey) with scope to perform other operations. AWS guide here:
https://aws.amazon.com/blogs/security/enhance-programmatic-a... |
|
|