
Highlight expired SSH or PAT credentials in the credential inventory

Problem to solve

We introduced a credential inventory in 12.6 and extended it to group-managed accounts for GitLab.com in 12.8 to help customers gain visibility into all of the PAT and SSH credentials that exist within their self-managed instance and groups. This inventory provides necessary insight into the access users have for a particular instance or group, but it does not provide other necessary capabilities such as forcing a credential rotation (in the event of a known compromise).

Currently, when an SSH key or PAT expires, the specific user is notified of the expiration, but administrators and group owners are completely unaware. There is no way for administrators and group owners to see, in aggregate, which credentials have expired so that they can engage with the user to rotate that credential, let alone force a rotation with a revoke mechanism.

Intended users

Further details

Proposal

On both the PAT tab and SSH tab of the credential inventory:

  1. Add an "Expired" column that shows the expiration date. The color applied to the expiration date should change as per #214723 (comment 361604419). The hover tooltip should say "This credential has expired."
[Mockups: PAT tab (PATs) and SSH tab (SSHs) of the credential inventory]

SSH Workflow

  1. A user sets an optional expiration date of 30 days for their SSH key within GitLab
  2. The SSH key reaches its expiration date (30 days after it was set), or existing SSH keys that are already older than 30 days are present

PAT Workflow

  1. An administrator or group owner defines a PAT expiration date (self-managed; gitlab.com) of 30 days that applies to their users
  2. Existing credentials that are already older than 30 days, and any credentials that reach the 30-day expiration date, become expired
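The two workflows above share one classification problem: a credential is expired either because its own expiration date has passed or because an instance- or group-level maximum lifetime (the 30-day policy) makes it older than allowed, which also catches pre-existing credentials created before the policy. The Ruby below is an added illustration, not GitLab's own code; the `Credential` struct, the `max_lifetime_days` policy parameter and the sample inventory are assumptions constructed for the example.

```ruby
require "date"

# Constructed example (not GitLab's own code): classify credentials for an
# administrator/group-owner inventory view.
Credential = Struct.new(:kind, :owner, :created_at, :expires_at, keyword_init: true)

# Effective expiry: the earliest of the credential's own expiry and the
# policy-derived limit (created_at + max_lifetime_days). Either may be nil,
# so a credential with no expiry and no policy has no deadline at all.
def effective_expiry(cred, max_lifetime_days: nil)
  candidates = []
  candidates << cred.expires_at if cred.expires_at
  candidates << cred.created_at + max_lifetime_days if max_lifetime_days
  candidates.min
end

# Returns :expired, :active, or :no_expiry as of `today`.
def expiry_status(cred, today, max_lifetime_days: nil)
  deadline = effective_expiry(cred, max_lifetime_days: max_lifetime_days)
  return :no_expiry if deadline.nil?
  deadline < today ? :expired : :active
end

# Builds one row per credential: the date the "Expired" column would show,
# the status that drives its colour, and the tooltip for expired entries.
def inventory_rows(creds, today, max_lifetime_days: nil)
  creds.map do |c|
    status = expiry_status(c, today, max_lifetime_days: max_lifetime_days)
    { kind: c.kind, owner: c.owner,
      expires_at: effective_expiry(c, max_lifetime_days: max_lifetime_days),
      status: status,
      tooltip: status == :expired ? "This credential has expired." : nil }
  end
end

# Constructed sample inventory (assumed data, not real credentials).
SAMPLE = [
  Credential.new(kind: "ssh", owner: "alice", created_at: Date.new(2020, 1, 1),  expires_at: Date.new(2020, 1, 31)),
  Credential.new(kind: "ssh", owner: "bob",   created_at: Date.new(2020, 3, 1),  expires_at: nil),
  Credential.new(kind: "pat", owner: "carol", created_at: Date.new(2020, 1, 10), expires_at: Date.new(2020, 6, 1)),
  Credential.new(kind: "pat", owner: "dave",  created_at: Date.new(2020, 2, 20), expires_at: nil),
].freeze

if __FILE__ == $0
  # As of 2020-03-05 with a 30-day policy: alice and carol are expired
  # (carol's own June expiry is overridden by the shorter policy limit).
  inventory_rows(SAMPLE, Date.new(2020, 3, 5), max_lifetime_days: 30).each { |row| p row }
end
```

Without a `max_lifetime_days` policy, bob's key has no deadline and carol's token is still active, which is exactly the gap the admin-defined expiration in the PAT workflow closes.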

Permissions and Security

Only administrators and group owners would see this specific signal since they are the only users who can view the credential inventory.

Documentation

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Is this a cross-stage feature?

Links / references

This is the sibling issue to adding an icon for revoked tokens.

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.
