Add IP allow/deny listing to credential inventory for self-managed
Problem to solve
We released the credential inventory in 12.6, which provided admins with visibility and control of their users' credentials. The current experience, however, does not provide some features that are considered best practice for security practitioners, such as explicit allow or deny listing based on IP addresses or CIDR ranges.
Intended users
User experience goal
An admin can define specific IP addresses and/or CIDR ranges to explicitly allow traffic from only those sources within the credential inventory.
Proposal
- Add an input field to the main credential inventory page to accept this data
Further details
We should consider a configuration view/tab/other where information like this can be configured. We could possibly move the PAT and SSH expiration settings to this same location to consolidate the credential management experience.
Permissions and Security
- Add expected impact to Owner (50) members