Allow SSH key expiration enforcement in Core+
Facts
- You can set an expiration date on an SSH key in any tier.
- SSH key expiration is not enforced and an expired SSH key can continue to be used.
- We are introducing optional expiration enforcement to Ultimate tier under #250480 (closed).
Problem to solve
It is probably dangerous for a security mechanism to have an expiration date that cannot be enforced. It could be easy for someone to set an expiration date without realizing it will not be enforced, and thereby allow unintended access.
Proposal
Alternative proposals
- Offer expiration enforcement in GitLab Core. This does not match with PAT behavior.
- Remove expiration date option in all tiers except GitLab Ultimate.
Edited by Dan Jensen