Increase Discoverability of Credentials Inventory Feature
Background
The credential inventory continues to evolve as we add additional credentials for admins or Cameron (Compliance Manager) to track and manage. Currently, the inventory in the Admin Area provides visibility into Personal Access Tokens (PATs) and SSH Keys.
Problem to solve
For Customers
It is unclear if Cameron can easily discover the credential inventory, which suppresses the value of this feature despite its expansion to include more components (e.g. GPG Keys) and the customer-validated problems of credential management within GitLab.
For GitLab
The credential inventory is one of the pages we track for groupcompliance's paid GMAU performance indicator. We should improve the discoverability of this feature to meet known, customer-validated need for this experience and drive a 10x improvement of our paid GMAU.
Intended users
JTBD
Highlight compliance gaps for remediation
When I am managing the compliance controls of applications, I want to ensure they meet all required criteria defined in the policies, so that it does not create problems for us during an audit.
| Job Statement |
|---|
| When I am managing access to projects, I want to know if there are any credentials that need to be revoked or deleted, so that I can address those issues. |
Proposal (Potential Solutions)
Add credential inventory widget to admin dashboard
- Showing the total number of credentials on the instance (e.g. X PATs, Y SSH keys, etc)
- Highlight the number of credentials older than X years
- Link to the credential inventory
Screenshot
Add a summation counter to Deploy keys and credentials (PAT, SSH, GPG, etc.)
Screenshot
Add a credential overview widget to the compliance dashboard
Screenshot
Add a new CTA within email digests and to take Cameron to credentials