Apr 10, 2026
Unrotated API Keys: Why Years-Old Credentials Still Run Production (NHI Kill Chain #3)
A single AWS key, never rotated for 3 years, spread across 7 systems. When a supply chain attack hit a Terraform CI plugin, the key gave attackers full infrastructure access. Inside the Aged Key kill chain and how to defend against long-lived credentials.
Ben Kim
Team Member
