Deploy keys credentials inventory - backend

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Problem to solve

Compliance-minded organizations require insight into the access individuals have to their systems. We're launching an inventory of PAT and SSH credentials in %12.6, which begins to provide this insight to customers. Missing still is Deploy Keys so that customers can have a more holistic view of access to their GitLab environment.

Intended users

Personas are described at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/ -->

Further details

This is an iteration to add Deploy Keys to an existing credential inventory accessible by Administrators.

Proposal

Add Deploy Keys to the credential inventory.

Tab_group

Title Fingerprint Read-only access Read-write access Created (Actions)
Admin deploy key d2:e8:be:cf:fd:a7:b4:fd:a7:b4 sprite_icons_copy-to-clipboard.svg 2 projects 1 project 20201-01-01 edit_remove
Empty state
Preview
illustrations_empty-state_empty-deploy-keys-lg.svg](https://gitlab.com/gitlab-org/gitlab-svgs/blob/main/illustrations/empty-state/empty-deploy-keys-lg.svg)

Deploy keys allow read-only or read-write (if enabled) access to your repository

Deploy keys can be used for CI, staging or production servers. You can create a deploy key or add an existing one.

Confirm

docs

Permissions and Security

Only Administrators can view this information within the Admin Panel

Implementation plan

backend - See !49835 (merged) for an example

  1. Create new feature flag :credentials_inventory_deploy_keys and create feature flag removal issue
  2. Create DeployKeysFinder similar to ee/app/finders/GpgKeysFinder
  3. Check that deploy keys list is enabled like Admin::CredentialsController#check_gpg_keys_list_enabled!
  4. Add deploys keys to CredentialsInventoryHelper
  5. Add deploy keys to CredentialsInventoryActions#filter_credentials
  6. Add deploy_keys to CredentialsInventoryHelper::VALID_FILTERS list
  7. Create the destroy service for deploy keys like app/services/gpg_keys/destroy_service to follow similar conventions to the revoke service
  8. Update destroy method in ee/app/controllers/concerns/credentials_inventory_actions.rb to include deploy keys and use the destroy service
  9. Add tests
Edited by 🤖 GitLab Bot 🤖