Alert users on GitLab.com to rotate old OAuth secrets

Release notes

Problem to solve

Proposal

One idea to consider (or update/ignore after more validation): add a column showing the creation date ("Created at") for the Applications:

[Screenshots: Project access tokens | Application screen | Suggested change]

That would show users how old the app is. Also consider adding a help bubble or a warning sign that gives guidance for very old apps and says that they should be rotated.

Implementation

  1. Add a Created column to ../profile/applications
  2. Create a page level information banner:
    • At least one of your personal access tokens is more than 000 days old. You should revoke and create new personal access tokens regularly for better security.
  3. The alert should appear when at least one of the OAuth tokens is over 365 days old.

Availability & Testing

Add feature level test to validate the banner is shown when old PATs exist.
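
A sketch of the age check behind the Implementation steps, with the edge cases a feature test would need to pin down. This is an added example, not GitLab's code: `OAuthApp`, the function names, the banner wording and the sample rows are hypothetical, and treating a missing creation date as stale is an assumption.

```ruby
# Hypothetical stand-in for an OAuth application row; not GitLab's model.
OAuthApp = Struct.new(:name, :created_at)

ROTATION_THRESHOLD_DAYS = 365 # threshold from step 3
SECONDS_PER_DAY = 86_400

# Whole days since creation, or nil when the record has no timestamp.
def age_in_days(app, now)
  return nil if app.created_at.nil?
  ((now - app.created_at) / SECONDS_PER_DAY).floor
end

# Applications strictly over the threshold. Assumption: a missing created_at
# counts as stale, because its age cannot be shown to be under the limit.
def stale_applications(apps, now: Time.now.utc)
  apps.select do |app|
    age = age_in_days(app, now)
    age.nil? || age > ROTATION_THRESHOLD_DAYS
  end
end

# Rows for the applications table with the added Created column (step 1).
def application_rows(apps)
  apps.map do |app|
    [app.name, app.created_at ? app.created_at.strftime('%Y-%m-%d') : 'unknown']
  end
end

# Page-level banner text (step 2), or nil when no application is stale.
def rotation_banner(apps, now: Time.now.utc)
  stale = stale_applications(apps, now: now)
  return nil if stale.empty?
  "#{stale.size} OAuth application(s) are more than #{ROTATION_THRESHOLD_DAYS} " \
    'days old or have no creation date. Rotate their secrets.'
end

# Constructed sample data, evaluated against a fixed clock.
NOW = Time.utc(2022, 2, 15)
SAMPLE_APPS = [
  OAuthApp.new('ci-dashboard', Time.utc(2020, 6, 1)),     # well over a year
  OAuthApp.new('exactly-a-year', Time.utc(2021, 2, 15)),  # 365 days: not "over"
  OAuthApp.new('new-integration', Time.utc(2022, 1, 10)), # recent
  OAuthApp.new('legacy-import', nil)                      # no timestamp
].freeze
```

The boundary row matters for the test: an application exactly 365 days old does not trigger the banner, while one with no recorded creation date does.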

Edited by 🤖 GitLab Bot 🤖