Resolve "Frontend: Secret Rotation UI for Indicators and Alerts"

Ahmad Husseinrequested to merge
555422-frontend-secret-rotation-ui-for-indicators-and-alerts into master

What does this MR do and why?

This MR adds the UI for the secrets rotation reminder functionality, including:

  • an alert banner on the secrets list page that shows secrets soon needing rotation and those that are overdue, with collapsible sections for each containing a list of relevant secret names linking to the secret detail pages
  • added the rotation reminder interval to the secret detail page
  • created the frontend graphql query to fetch the list of secrets needing rotation (i.e those either approaching their rotation date or overdue)
  • added rotation info to the existing graphql query fetching secret details
  • Added icon with tooltip for rotation reminders on the secrets list page

The overall goal is to proactively remind users to rotate their secrets regularly, improving security by preventing secrets from becoming stale or compromised over time.

References

Related backend issues: #555421 (closed) #567397 (closed)

Screenshots or screen recordings

BANNER (COLLAPSED):

image

BANNER (EXPANDED):

image

WITH TOOLTIP HOVERED:

image

SECRET DETAILS PAGE (with and without rotation info):

image image

How to set up and validate locally

Setup

  1. Make sure your gdk is on an Ultimate license.
  2. Set up openbao on your gdk.
  3. Enable the Secrets Manager on gdk.

Verification

  1. Visit /path/to/project/-/secrets (or go to your project and from the sidebar visit Secure > Secrets)
  2. If there are no secrets whose rotation reminders are within 7 days, you can create a new secret by clicking the Add secret button on the top right. You can also edit an existing secret through the actions column.
  3. After creating/updating a secret, you will be redirected to the secret details page. If the rotation interval is within 7 days, the reminder alert should show up.
  4. Go to the index page for the Secrets manager and verify that the reminder alert includes the list of secrets that need to be rotated soon. In the table, the row including these secrets will also have a warning icon with a tooltip.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #555422 (closed)

Edited by Ahmad Hussein

Merge request reports