Merge branch 'djensen-standardize-expiration-settings-documentation' into 'master'

Standardize docs for credential expiration See merge request gitlab-org/gitlab!53654

Merge branch 'djensen-standardize-expiration-settings-documentation' into 'master'
Standardize docs for credential expiration See merge request gitlab-org/gitlab!53654
3316f648 · Mike Jang · 22153938 · 1b47fa01 · 3316f648 · 3316f648
Commit 3316f648 authored Feb 18, 2021 by Mike Jang
3 changed files
--- a/doc/user/admin_area/credentials_inventory.md
+++ b/doc/user/admin_area/credentials_inventory.md
@@ -31,7 +31,7 @@ The following is an example of the Credentials inventory page:

 If you see a **Revoke** button, you can revoke that user's PAT. Whether you see a **Revoke** button depends on the token state, and if an expiration date has been set. For more information, see the following table:

-| Token state | [Token expiry enforced?](settings/account_and_limit_settings.md#optional-enforcement-of-personal-access-token-expiry) | Show Revoke button? | Comments |
+| Token state | [Token expiration enforced?](settings/account_and_limit_settings.md#optional-non-enforcement-of-personal-access-token-expiration) | Show Revoke button? | Comments |
 |-------------|------------------------|--------------------|----------------------------------------------------------------------------|
 | Active      | Yes                    | Yes                | Allows administrators to revoke the PAT, such as for a compromised account |
 | Active      | No                     | Yes                | Allows administrators to revoke the PAT, such as for a compromised account |

--- a/doc/user/admin_area/settings/account_and_limit_settings.md
+++ b/doc/user/admin_area/settings/account_and_limit_settings.md
@@ -180,24 +180,26 @@ Once a lifetime for personal access tokens is set, GitLab:
  allowed lifetime. Three hours is given to allow administrators to change the allowed lifetime,
  or remove it, before revocation takes place.

-## Enforcement of SSH key expiration **(ULTIMATE SELF)**
+## Optional enforcement of SSH key expiration **(ULTIMATE SELF)**

-GitLab administrators can choose to enforce the expiration of SSH keys after their expiration dates.
-If you enable this feature, this disables all _expired_ SSH keys.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/250480) in GitLab 13.9.

-To do this:
+By default, expired SSH keys **can still be used**.
+You can prevent the use of expired SSH keys with the following steps:

 1. Navigate to **Admin Area > Settings > General**.
 1. Expand the **Account and limit** section.
 1. Select the **Enforce SSH key expiration** checkbox.

-## Optional enforcement of Personal Access Token expiry **(ULTIMATE SELF)**
+For more information, see the following issue on [SSH key expiration](https://gitlab.com/gitlab-org/gitlab/-/issues/320970).
+
+## Optional non-enforcement of Personal Access Token expiration **(ULTIMATE SELF)**

 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214723) in GitLab Ultimate 13.1.
 > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/296881) in GitLab 13.9.

-GitLab administrators can choose to prevent personal access tokens from expiring
-automatically. The tokens are usable after the expiry date, unless they are revoked explicitly.
+By default, expired personal access tokens (PATs) cannot be used.
+You can allow the use of expired PATs with the following steps:

 To do this:


--- a/doc/user/profile/personal_access_tokens.md
+++ b/doc/user/profile/personal_access_tokens.md
@@ -21,7 +21,7 @@ Personal access tokens expire on the date you define, at midnight UTC.
 - GitLab runs a check at 01:00 AM UTC every day to identify personal access tokens that expire in under seven days. The owners of these tokens are notified by email.
 - GitLab runs a check at 02:00 AM UTC every day to identify personal access tokens that expired on the current date. The owners of these tokens are notified by email.
 - In GitLab Ultimate, administrators may [limit the lifetime of personal access tokens](../admin_area/settings/account_and_limit_settings.md#limiting-lifetime-of-personal-access-tokens).
- In GitLab Ultimate, administrators may [toggle enforcement of personal access token expiry](../admin_area/settings/account_and_limit_settings.md#optional-enforcement-of-personal-access-token-expiry).
+- In GitLab Ultimate, administrators may [toggle enforcement of personal access token expiration](../admin_area/settings/account_and_limit_settings.md#optional-non-enforcement-of-personal-access-token-expiration).

 For examples of how you can use a personal access token to authenticate with the API, see the following section from our [API Docs](../../api/README.md#personalproject-access-tokens).