<!-- The first three sections: "Problem to solve", "Intended users" and "Proposal", are strongly recommended, while the rest of the sections can be filled out during the problem validation or breakdown phase. However, keep in mind that providing complete and relevant information early helps our product team validate the problem and start working on a solution. --> ### Problem to solve <!-- What problem do we solve? Try to define the who/what/why of the opportunity as a user story. For example, "As a (who), I want (what), so I can (why/value)." --> Currently, the [credential inventory](https://gitlab.com/gitlab-org/gitlab/issues/36742) provides passive insight to `administrators` and `group owners`. With the introduction of credential management capabilities like [optional SSH key expiration](https://gitlab.com/gitlab-org/gitlab/issues/36243) and [PAT expiration](https://gitlab.com/gitlab-org/gitlab/merge_requests/17344) (https://gitlab.com/gitlab-org/gitlab/issues/118893 for gitlab.com), additional functionality is required to enable `administrators` and `group owners` to facilitate the rotation of credentials once they're expired. GitLab would like to strike a balance between necessary policy definition and enforcement that compliance-minded organizations require and maintaining a great developer experience. Abrupt credential revocation is disruptive and frustrating, but an organization unable to rotate credentials for their users faces an increased risk of a credential's compromise. There's no way to revoke SSH or PAT credentials on behalf of `users` for `administrators` and `group owners`, who need to enforce this action. ### Intended users * [Sidney (Systems Administrator)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sidney-systems-administrator) * [Cameron (Compliance Manager)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#cameron-compliance-manager) ### Solution <!-- How are we going to solve the problem? Try to include the user journey! https://about.gitlab.com/handbook/journeys/#user-journey --> In the "Personal Access Tokens" tab of the [credentials inventory](https://gitlab.com/gitlab-org/gitlab/issues/36742) - Add a `Revoke` button that appears for each PAT that is ["active"](https://gitlab.com/gitlab-org/gitlab/-/issues/214723#note_361349149) (not already expired, *where expiration is enforced* or revoked). - Show a modal to confirm the action after clicking `revoke` - Use default browser modal for MVC > Are you sure you wish to revoke this personal access token? This action cannot be undone. > [Cancel|Okay] - Implementing Pajamas modal → #228881 | Token state | Expiry Enforced? | Show Revoke button | Comments | | ----------- | ---------------- | ------------------ | -------- | | Active | Enforced | Yes | When admin voluntarily wishes to revoke (e.g. compromised account) | | Active | Not Enforced | Yes | When admin voluntarily wishes to revoke (e.g. compromised account) | | Expired | Enforced | No | PAT expires automatically | | Expired | Not Enforced | Yes | Admin revokes to prevent users from using the PAT indefinitely | | Revoked | Enforced | No | Not applicable to revoke an already revoked token | | Revoked | Not Enforced | No | Not applicable to revoke an already revoked token | |Personal Access Tokens|Default Browser Modal| |:----------------------:|:-----:| ||| [→ Figma](https://www.figma.com/file/KBAt50dQRnrFJFgntYr8l7/214811-Add-a-Revoke-button-to-PAT-tab?node-id=79%3A626) > Stretch Goal (moved to #228721): Add a `Revoke All` button to the top of the inventory that revokes all `expired` SSH and PAT credentials. ## Implementation plan ~frontend - `1` 1. Add the `revoke` button to rows which are not expired or already revoked (see table above). The button should be placed within the `Revoked` column 3. On click, show a standard browser modal, on yes, redirect to endpoint 4. Update tests ~backend - `1 | 2` 1. Add new endpoint to `ee/app/controllers/concerns/credentials_inventory_actions.rb` to handle the `revoke` 2. Add new route to `ee/config/routes/admin.rb:23` 3. Trigger revoke service from https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38501 4. Re-render `index` with service message <!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION --> *This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.* <!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION -->