Updated credentials_inventory.md with new revoke button details

- Added line noting the functionality - Updated existing image to show what it looks like with the revoke buttons - Add table to explain revoke button visibility

Updated credentials_inventory.md with new revoke button details
- Added line noting the functionality - Updated existing image to show what it looks like with the revoke buttons - Add table to explain revoke button visibility
267cedc1 · Robert Hunt · 81f42274 · 267cedc1 · 81f42274 · 267cedc1
Commit 267cedc1 authored Sep 02, 2020 by Robert Hunt
3 changed files
--- a/doc/user/admin_area/credentials_inventory.md
+++ b/doc/user/admin_area/credentials_inventory.md
@@ -13,7 +13,7 @@ type: howto

 GitLab administrators are responsible for the overall security of their instance. To assist, GitLab provides a Credentials inventory to keep track of all the credentials that can be used to access their self-managed instance.

-Using Credentials inventory, GitLab administrators can see all the personal access tokens and SSH keys that exist in their instance and:
+Using Credentials inventory, you can see all the personal access tokens (PAT) and SSH keys that exist in your GitLab instance. In addition, you can [revoke them](#revoke-a-users-personal-access-token) and see:

 - Who they belong to.
 - Their access scope.
@@ -25,4 +25,19 @@ To access the Credentials inventory, navigate to **Admin Area > Credentials**.

 The following is an example of the Credentials inventory page:

-![Credentials inventory page](img/credentials_inventory_v13_2.png)
+![Credentials inventory page](img/credentials_inventory_v13_4.png)
+
+## Revoke a user's personal access token
+
+[Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214811) in GitLab 13.4.
+
+If you see a **Revoke** button, you can revoke that user's PAT. Whether you see a **Revoke** button depends on the token state, and if an expiration date has been set. For more information, see the following table:
+
+| Token state | [Token expiry enforced?](settings/account_and_limit_settings.md#optional-enforcement-of-personal-access-token-expiry) | Show Revoke button? | Comments |
+|-------------|------------------------|--------------------|----------------------------------------------------------------------------|
+| Active      | Yes                    | Yes                | Allows administrators to revoke the PAT, such as for a compromised account |
+| Active      | No                     | Yes                | Allows administrators to revoke the PAT, such as for a compromised account |
+| Expired     | Yes                    | No                 | PAT expires automatically                                                  |                                      
+| Expired     | No                     | Yes                | The administrator may revoke the PAT to prevent indefinite use             | 
+| Revoked     | Yes                    | No                 | Not applicable; token is already revoked                                   | 
+| Revoked     | No                     | No                 | Not applicable; token is already revoked                                   |                                                               
--- a/doc/user/admin_area/img/credentials_inventory_v13_2.png
+++ b/doc/user/admin_area/img/credentials_inventory_v13_2.png
--- a/doc/user/admin_area/img/credentials_inventory_v13_4.png
+++ b/doc/user/admin_area/img/credentials_inventory_v13_4.png