PAT/SSH Inventory MVC
Problem to solve
We've explored this issue and now need to implement the MVC for this feature.
Proposal
A "Credentials" view in the admin panel showing all PAT and SSH credentials for a GitLab instance.
- Columns (should be sortable and filterable)
- Owner: User it's associated with, if any.
- Type: Type of credential, PAT, SSH key, etc.
- Scope: How it's scoped, if relevant (
api, etc.) - Last used: Last time this key was used.
- Expiration: When the credential expires, if any.
| Rough Idea | Prototype Draft | Working Concept |
|---|---|---|
 |
 |
|
| Our initial concept for this inventory of credentials. | The first draft of a prototype for the inventory. | Concept designed by @manojmj with backend considerations taken into account. |
Working Concept Breakdown
Separate out the type of credentials in the view to make this feature more performant and future proof instead of loading all kinds of credentials in one single view.
Advantages:
- Different types of credentials are stored in different tables in the db and hence to show all these credentials in a single view would mean that we'd have to query multiple tables at once and then sort them in memory (possibly).
- A homogeneous list of items is much easier to sort and filter than a heterogeneous list.
- The attributes in these tables also differ, eg: PAT has
expiryandscopesbut SSH does not. SSH haslast_used_atbut PAT does not and as far as I understand, it would mean a bunch ofif..elsestatements to display this properly. - Separating out the different types of credentials scales - if we have to add a third kind of credential to the view, it'd be very easy.
We use a similar approach in /admin/users already, ie, tabs for Deactivated, Blocked users etc.
Default to Most Recent to Oldest sort order based on the "Last Used" column.
Users should be able to sort and filter to see desired data subsets.
Permissions and Security
Only Administrators should be able to view this.