Add Revoke buttons to the PAT tab of the credential inventory
Problem to solve
Currently, the credential inventory provides passive insight to administrators and group owners. With the introduction of credential management capabilities like optional SSH key expiration and PAT expiration (#118893 (closed) for gitlab.com), additional functionality is required to enable administrators and group owners to facilitate the rotation of credentials once they're expired.
GitLab would like to strike a balance between necessary policy definition and enforcement that compliance-minded organizations require and maintaining a great developer experience. Abrupt credential revocation is disruptive and frustrating, but an organization unable to rotate credentials for their users faces an increased risk of a credential's compromise.
There's no way to revoke SSH or PAT credentials on behalf of users for administrators and group owners, who need to enforce this action.
Intended users
Solution
In the "Personal Access Tokens" tab of the credentials inventory
- Add a
Revokebutton that appears for each PAT that is "active" (not already expired, where expiration is enforced or revoked). - Show a modal to confirm the action after clicking
revoke- Use default browser modal for MVC
Are you sure you wish to revoke this personal access token? This action cannot be undone. [Cancel|Okay]
- Implementing Pajamas modal → #228881 (closed)
| Token state | Expiry Enforced? | Show Revoke button | Comments |
|---|---|---|---|
| Active | Enforced | Yes | When admin voluntarily wishes to revoke (e.g. compromised account) |
| Active | Not Enforced | Yes | When admin voluntarily wishes to revoke (e.g. compromised account) |
| Expired | Enforced | No | PAT expires automatically |
| Expired | Not Enforced | Yes | Admin revokes to prevent users from using the PAT indefinitely |
| Revoked | Enforced | No | Not applicable to revoke an already revoked token |
| Revoked | Not Enforced | No | Not applicable to revoke an already revoked token |
| Personal Access Tokens | Default Browser Modal |
|---|---|
 |
 |
Stretch Goal (moved to #228721 (closed)): Add a
Revoke Allbutton to the top of the inventory that revokes allexpiredSSH and PAT credentials.
Implementation plan
frontend - 1
- Add the
revokebutton to rows which are not expired or already revoked (see table above). The button should be placed within theRevokedcolumn - On click, show a standard browser modal, on yes, redirect to endpoint
- Update tests
backend - 1 | 2
- Add new endpoint to
ee/app/controllers/concerns/credentials_inventory_actions.rbto handle therevoke - Add new route to
ee/config/routes/admin.rb:23 - Trigger revoke service from !38501 (merged)
- Re-render
indexwith service message
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.