Highlight revoked PAT credentials in the credential inventory
Problem to solve
We introduced a credential inventory in 12.6 and extended it to group-managed accounts for GitLab.com in 12.8 to help customers gain visibility into all of the PAT and SSH credentials that exist within their self-managed instance and groups. The inventory provides necessary insight into the access users have for a particular instance or group, but it does not provide other necessary capabilities, such as forcing a credential rotation in the event of a known compromise.
Currently, when an SSH key is revoked, that revocation is not mentioned in the credentials inventory. There's no way for administrators and group owners to see, in aggregate, when credentials have been revoked.
Intended users
Proposal
Add a column for "Revoked on" to the PAT tab in the credential inventory that shows the date a PAT was revoked (or nothing for PATs that have not been revoked):
[Image: Revoked PATs]
Out of scope
SSH keys are out of scope because they cannot be revoked.
Permissions and Security
Only administrators and group owners would see this specific signal since they are the only users who can view the credential inventory.
Documentation
Links / references
This is the sibling issue to adding an icon for expired tokens.