Optional enforcement of SSH key expiration
Problem to solve
The SSH key expiration introduced in #36243 (closed) is never enforced, implying the key is always active even after the expiration.
Similar to Optional PAT enforcement, this issue aims to allow an administrator to configure whether key expiration should be enforced or not.
To be in line with current implementation, the default behavior can be to not enforce the expiry.
This might especially be useful for organizations that prefer a hard enforcement for token rotations.
Add a checkbox in the Admin Dashboard (
Account and limit)
Enforce SSH key expiration
When enabled, the keys will become un-usable after expiration.
- Add migration to create a new column
- Changes to
ee/app/helpers/ee/application_settings_helper.rbto include the above column to the list of visible attributes
- When SSH key expiration is enforced:
- Return forbidden error when key has expired
- Add checkbox in Admin dashboard
Note: The optional PAT expiration MR can be handly for implementing most of the changes.
Add documentation to Account and Limit Settings page.