
Comment by nightpool

2 hours ago

Why? If Sentry gets compromised, it's the exact same outcome—your Jira tickets get mined for production credentials and downloaded for ransom. What does automated token management save here?

How long the Jira access lasts depends on you / Sentry detecting and solving the initial intrusion. It doesn't matter how long the Jira token itself lasts if the attackers have access to the database in which it's stored or log files in which it's been dumped or something like that.

This assumes that the intrusion is persistent until Sentry catches it, that Sentry notifies me, that I successfully track all the places I have long-lived tokens that need to be rotated, etc.
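As an added illustration of the two positions in this comment (not code from the commenter or from Sentry/Jira), the model below puts numbers on the exposure window. It assumes an attacker who re-reads the token store every hour for as long as the intrusion lasts; the token names, the compromise window (hours 10 to 40) and the rotation times are constructed for the example. It shows the point both sides are circling: with automatically rotated short-lived tokens the stolen material stops working one TTL after the intrusion is closed, while with long-lived tokens it keeps working until every copy has been rotated, and a single forgotten copy never expires.

```python
"""Exposure-window model: short-lived (auto-managed) vs long-lived Jira tokens.

Added example, not from the original page. All times are hours on a toy
timeline; token names and schedules are constructed for the illustration.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Token:
    name: str
    issued_at: int              # hour the token was minted
    ttl: Optional[int]          # hours until natural expiry; None = long-lived
    rotated_at: Optional[int]   # hour the defender rotated it; None = never

    def usable_at(self, t: int) -> bool:
        """A stolen copy works until it expires or the defender rotates it."""
        if self.ttl is not None and t >= self.issued_at + self.ttl:
            return False
        if self.rotated_at is not None and t >= self.rotated_at:
            return False
        return True


def short_lived_store(ttl: int, horizon: int) -> Dict[int, List[Token]]:
    """Automated token management: a fresh token is minted every `ttl` hours,
    so whatever sits in the database/log at hour t was issued at the start of
    the current TTL window."""
    return {t: [Token("jira-short", (t // ttl) * ttl, ttl, None)]
            for t in range(horizon)}


def long_lived_store(tokens: Iterable[Token], horizon: int) -> Dict[int, List[Token]]:
    """Long-lived tokens: the same credentials sit in the store the whole time."""
    fixed = list(tokens)
    return {t: list(fixed) for t in range(horizon)}


def attacker_last_access_hour(store: Dict[int, List[Token]],
                              compromise_start: int,
                              compromise_end: int,
                              horizon: int) -> Optional[int]:
    """Attacker copies every token visible in the store each hour while the
    intrusion persists, then keeps replaying the copies.  Returns the last hour
    (before `horizon`) at which any stolen copy still works, or None."""
    stolen = set()
    last: Optional[int] = None
    for t in range(horizon):
        if compromise_start <= t < compromise_end:      # intrusion still live
            stolen.update(store[t])
        if any(tok.usable_at(t) for tok in stolen):
            last = t
    return last


def scenarios(horizon: int = 200) -> Dict[str, Optional[int]]:
    """Constructed comparison: intrusion from hour 10, detected and closed at hour 40."""
    start, end = 10, 40
    short = attacker_last_access_hour(short_lived_store(ttl=12, horizon=horizon),
                                      start, end, horizon)
    # Long-lived tokens copied into three places; the defender rotates two of
    # them after remediation and forgets the third.
    forgotten = long_lived_store([
        Token("jira-ci-token", 0, None, rotated_at=44),
        Token("jira-sentry-integration", 0, None, rotated_at=50),
        Token("jira-backup-script", 0, None, rotated_at=None),   # never rotated
    ], horizon)
    # Same tokens, but every copy was tracked and rotated.
    all_rotated = long_lived_store([
        Token("jira-ci-token", 0, None, rotated_at=44),
        Token("jira-sentry-integration", 0, None, rotated_at=50),
        Token("jira-backup-script", 0, None, rotated_at=50),
    ], horizon)
    return {
        "short_lived_ttl_12h": short,
        "long_lived_one_forgotten": attacker_last_access_hour(forgotten, start, end, horizon),
        "long_lived_all_rotated": attacker_last_access_hour(all_rotated, start, end, horizon),
    }


if __name__ == "__main__":
    for name, last in scenarios().items():
        print(f"{name}: attacker's last usable hour = {last}")
```

Reading the output: the short-lived case ends at hour 47, i.e. remediation at 40 plus the remainder of the 12-hour TTL on the last token copied, and nobody had to remember to rotate anything; the long-lived case ends at hour 49 only if every copy is found and rotated, and runs to the end of the timeline when one copy is missed.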