# Pattern: Token Revocation Sweep Status: seed Readiness target: RL3 production Primary owners: NetKingdom, key-cape, flex-auth Genesis family: Detection and response ## Problem Credential compromise requires quickly invalidating related tokens, sessions, keys, leases, and grants across multiple systems. ## Context Use this pattern for user compromise, agent compromise, tenant incident, OpenBao lease revocation, object-storage session exposure, and SSH certificate containment. ## Forces - Tokens may be issued by different systems. - Some credentials expire naturally but still need immediate revocation. - Revocation must target scope without disabling unrelated tenants. - Audit and evidence must survive the sweep. ## Solution Define revocation sweep procedures that identify affected actor, tenant, credential class, session, lease, key, and token families, then revoke or expire them through owning systems. ## Verification - Sweep inputs can target actor, tenant, session, token class, and time window. - Revoked credentials fail at enforcement points. - Sweep actions are logged with reason and operator. - Follow-up rotation and user communication are tracked. ## Related Patterns - Short-lived Credentials. - Dynamic Secrets. - STS Credential Vending. - Incident Runbook Library.