Skip to content

Add GPG keys list view to Admin Credentials Inventory

Robert Hunt requested to merge 282429-add-gpg-keys-list-view-to-admin-credentials-inventory into master

What does this MR do?

This MR adds the GPG keys table view to the Admin credentials inventory. The revoke and delete action buttons will be added via future issues.

This feature is behind the feature flag :credential_inventory_gpg_keys.

Screenshots (strongly suggested)

Large screens Small screens Dark mode
image image image

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

  1. Enable the feature flag :credential_inventory_gpg_keys
  2. Add GPG keys to your user [GDK_HOST]/-/profile/gpg_keys
  3. Go to [GDK_HOST]/admin/credentials?filter=gpg_keys
  4. Check that the GPG key is shown
  5. Disable the feature flag and check that the GPG keys tab is hidden from the admin credentials inventory

To get a verified GPG key:

  1. Take the email address used for the GPG key and update your user to use that email address: /-/profile
  2. Find your user in the rails console User.find(1) and retrieve the confirmation token user.confirmation_token
  3. Go to the URL [GDK_HOST]/users/confirmation?confirmation_token=[CONFIRMATION_TOKEN]
  4. Check the GPG keys tab and it should show the GPG key is verified

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team

Related to #282429 (closed)

Edited by Robert Hunt

Merge request reports