Service Users (bots/automation) - Feedback issue
Due to the longstanding problem this issue aims to solve, this is being kept open to continue collecting user feedback until we have finished validation a solution.
Problem to solve
Currently, GitLab customers are creating users instead of bots (since there is no official bot feature in GitLab) to specifically handle the automation of tasks. This is painful for customers for the following reasons:
- Compromised security
- Attaching tokens to a specific user means that that user account has access to the full API, if those account credentials are compromised, the whole instance is potentially in the hands of bad actors
- Additional license costs (further detailed below) causes customers to only create one user for many tasks to save money, which is also a potential security risk
- Customers are having to pay not only for additional licenses, but also for the other surrounding costs such as email account provisioning via G-Suite or Office 365 in order for the user to have credentials
- There are users who are uncomfortable with converting to a paid customer due to the anxiety around increased license costs, especially if they are a small team or business with many automated tasks
- Decreased cycle time
- Provisioning bot users is a long and convoluted process for some customers, causing potential delays in getting work done
- If the cost of creating a bot user is too high, users may attempt to manually perform the tasks instead, which is not efficient
- Potential downtime
- If a user who's access token is being used for a task that many depend on gets deleted, this could cause potential disruption and downtime
Current proposal: &2587
Please continue to leave feedback here rather than the above epic and @ mention @mushakov via a comment in this issue so they will see your feedback ASAP.