You don't want long-lived keys
Summary
The article argues that long-lived keys are liabilities and outlines strategies to mitigate risk, notably by adopting ephemeral keys and regular rotation. It provides practical examples for SSH, package publishing tokens, and identity-based access to illustrate how reducing key lifetimes and scope can improve security, while acknowledging that some long-lived keys may still be necessary in tightly scoped contexts.