Add ability to set and enforce SSH key expiration dates at the group level

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

Problem

Currently, customers can set an expiration date for SSH keys at the instance level. However, some customers have a need to control the SSH key expiration dates at the group level so that the policies only apply to a certain team or group of teams, rather than to all teams across the instance. Furthermore, there is currently no way in GitLab to enforce the rotation of SSH keys at the group level (although this is being looked at for the instance level here).

Proposal

To provide customers with more granular control over their security posture, GitLab should provide a way to manage the SSH key expiration date at the group level. Additionally, GitLab should offer a way to enforce the rotation of SSH keys and / or prevent previously used SSH keys from being used again once they have expired (see here).

Edited Aug 28, 2025 by 🤖 GitLab Bot 🤖