Alert users on GitLab.com to rotate old OAuth secrets
Release notes
Problem to solve
Proposal
One idea to consider (or update/ignore after more validation): add a column to show the creation date (created at) for the Applications:
Project access tokens | Application screen | suggested change |
---|---|---|
That would show users how old the app is. Also consider adding a help bubble or a warning sign for very old apps, with guidance that they should be rotated.
Implementation
- Add a `Created` column to `../profile/applications`
- Create a page-level information banner:
At least one of your personal access tokens is more than 000 days old. You should revoke and create new personal access tokens regularly for better security.
- The alert should appear when at least one of the OAuth tokens is over 365 days old.
Availability & Testing
Add a feature-level test to validate that the banner is shown when old PATs exist.