Add RUNBOOK instructions to check access tokens about to expire (!151) · Merge requests · GitLab.org / Quality Department / Engineering Productivity / team · GitLab

David Dieulivol requested to merge 369-runbook_check_for_tokens_about_to_expire into main Jan 18, 2024

Context

Closes #369 (closed)

What does this MR do?

Adds an entry to check whether tokens will expire in the next 30 days.

We use the op read command (the 1password CLI tool) to get secrets from 1password directly 🎉. First time I use it, I find it pretty cool!

What's the plan to use it?

I'll add a reminder in Slack every month in the EP Slack channel.

This is the simple solution. I thought about creating a ruby script for this, as well as running it from the CI regularly, but:

We need to write/maintain those
Checking regularly will do nothing most of the times (assuming a 2-hour scheduled pipeline here)
We need to again store credentials in CI variables, which I'm not a fan of (and this time, powerful-enough credentials to be able to fetch personal access tokens for @gitlab-bot project access tokens)

Please let me know if you see a better way of doing this!