Annotate audit log entries with ID of credential used to perform the request
Proposal
As an admin I would like to be able to filter audit logs based on the unique ID of the credential used in the request (personal/project/group access tokens, or session token) so that I can correlate all actions taken with that credential.
I have recently had to do an investigation into our GitLab instance (self-hosted) to find out how personal/project access tokens are being used across the company. Whilst I can see audit events for token creation and revocation (which include useful information such as the author, API scopes, project scopes etc.) I cannot use the ID of the resulting token to see what was subsequently done with it. Subsequent events are merely assigned to a user.
For example, "custom_message":"Created personal access token with id 943" is issued when a PAT was created, but the ID 943 does not appear in any events where this token was used to authenticate the request.
I have not delved into the code to see how this is implemented, but from reviewing the logs it seems like all forms of token are assigned an ID which is a monotonically increasing integer across the entire GitLab instance. I don't know if session or job tokens differ? If they also follow a similar scheme then it would be great to have the IDs of those credentials logged as well for complete visibility.
For my own use case I don't need this information exposed in the UI, just so long as I can use jq on it in any exported logs.
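The correlation gap described in the proposal, as an added example that is not part of the original post or GitLab's own code: it pairs each event in an exported log with the token IDs its author had created by that time, which is the closest join available while events carry no credential ID. Only the "Created personal access token with id N" wording comes from the post; the `time` and `author_id` field names, the other messages and the function names are assumptions, and the log lines are constructed.

```python
import json
import re
from collections import defaultdict

# Constructed sample export, one JSON event per line. Only the token-creation
# wording is from the post; time, author_id and the other messages are assumed.
SAMPLE_LOG = """\
{"time":"2024-01-10T09:00:00Z","author_id":7,"custom_message":"Created personal access token with id 943"}
{"time":"2024-01-10T09:05:00Z","author_id":7,"custom_message":"Changed visibility of project"}
{"time":"2024-01-11T14:00:00Z","author_id":7,"custom_message":"Created personal access token with id 951"}
{"time":"2024-01-11T15:30:00Z","author_id":7,"custom_message":"Added deploy key"}
{"time":"2024-01-11T16:00:00Z","author_id":12,"custom_message":"Added project member"}
"""

CREATED = re.compile(r"^Created personal access token with id (\d+)$")


def candidate_tokens(log_text):
    """Pair each non-creation event with the token IDs its author had created by then."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines in the export
    events.sort(key=lambda e: e.get("time", ""))  # ISO 8601 UTC sorts lexically

    # With no credential ID on the event, the author is the only join key.
    tokens_by_author = defaultdict(list)
    results = []
    for ev in events:
        m = CREATED.match(ev.get("custom_message", ""))
        if m:
            tokens_by_author[ev.get("author_id")].append(int(m.group(1)))
        else:
            results.append((ev, sorted(tokens_by_author.get(ev.get("author_id"), []))))
    return results


def unattributable(log_text):
    """Events that cannot be narrowed to exactly one candidate token."""
    return [(ev.get("custom_message"), ids) for ev, ids in candidate_tokens(log_text) if len(ids) != 1]


if __name__ == "__main__":
    for ev, ids in candidate_tokens(SAMPLE_LOG):
        print(ev["time"], ev["custom_message"], "-> candidate token IDs:", ids)
```

Even an event with a single candidate is only a guess, since the same author could have acted through a session or a token created before the export window; a credential ID on each event would replace this inference with a direct filter.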