Extend maximum token and SSH key expiration to 400 days (!153876) · Merge requests · GitLab.org / GitLab

Ben Boeckel requested to merge ben.boeckel/gitlab:token-expiration-limit-bump into master May 22, 2024

Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA

What does this MR do and why?

apps/settings: Extend maximum token and SSH key expiration to 400 days

An expiration of 365 days means that rotation ends up "creeping" back the calendar every year unless tokens are rotated on the exact day they expire. A forced "lose a day" occurs when the validity period spans over February 29th. In practice, the expiration falling on a weekend would also force losing a day or two. Instead, bump the maximum allowed to 400 days for all editions so that a little over one month of leeway is allowed to perform rotations of tokens and SSH keys.

While 395 would be "sufficient", 400 being so close makes it worth choosing instead.

Changelog: changed

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

N/A

How to set up and validate locally

Test suite should handle this.

Edited May 22, 2024 by 🤖 GitLab Bot 🤖

Extend maximum token and SSH key expiration to 400 days

What does this MR do and why?

MR acceptance checklist

Screenshots or screen recordings

How to set up and validate locally

Merge request reports