Commit 3316f648 authored by Mike Jang's avatar Mike Jang

Merge branch 'djensen-standardize-expiration-settings-documentation' into 'master'

Standardize docs for credential expiration

See merge request gitlab-org/gitlab!53654
parents 22153938 1b47fa01
...@@ -31,7 +31,7 @@ The following is an example of the Credentials inventory page: ...@@ -31,7 +31,7 @@ The following is an example of the Credentials inventory page:
If you see a **Revoke** button, you can revoke that user's PAT. Whether you see a **Revoke** button depends on the token state, and if an expiration date has been set. For more information, see the following table: If you see a **Revoke** button, you can revoke that user's PAT. Whether you see a **Revoke** button depends on the token state, and if an expiration date has been set. For more information, see the following table:
| Token state | [Token expiry enforced?](settings/account_and_limit_settings.md#optional-enforcement-of-personal-access-token-expiry) | Show Revoke button? | Comments | | Token state | [Token expiration enforced?](settings/account_and_limit_settings.md#optional-non-enforcement-of-personal-access-token-expiration) | Show Revoke button? | Comments |
|-------------|------------------------|--------------------|----------------------------------------------------------------------------| |-------------|------------------------|--------------------|----------------------------------------------------------------------------|
| Active | Yes | Yes | Allows administrators to revoke the PAT, such as for a compromised account | | Active | Yes | Yes | Allows administrators to revoke the PAT, such as for a compromised account |
| Active | No | Yes | Allows administrators to revoke the PAT, such as for a compromised account | | Active | No | Yes | Allows administrators to revoke the PAT, such as for a compromised account |
......
...@@ -180,24 +180,26 @@ Once a lifetime for personal access tokens is set, GitLab: ...@@ -180,24 +180,26 @@ Once a lifetime for personal access tokens is set, GitLab:
allowed lifetime. Three hours is given to allow administrators to change the allowed lifetime, allowed lifetime. Three hours is given to allow administrators to change the allowed lifetime,
or remove it, before revocation takes place. or remove it, before revocation takes place.
## Enforcement of SSH key expiration **(ULTIMATE SELF)** ## Optional enforcement of SSH key expiration **(ULTIMATE SELF)**
GitLab administrators can choose to enforce the expiration of SSH keys after their expiration dates. > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/250480) in GitLab 13.9.
If you enable this feature, this disables all _expired_ SSH keys.
To do this: By default, expired SSH keys **can still be used**.
You can prevent the use of expired SSH keys with the following steps:
1. Navigate to **Admin Area > Settings > General**. 1. Navigate to **Admin Area > Settings > General**.
1. Expand the **Account and limit** section. 1. Expand the **Account and limit** section.
1. Select the **Enforce SSH key expiration** checkbox. 1. Select the **Enforce SSH key expiration** checkbox.
## Optional enforcement of Personal Access Token expiry **(ULTIMATE SELF)** For more information, see the following issue on [SSH key expiration](https://gitlab.com/gitlab-org/gitlab/-/issues/320970).
## Optional non-enforcement of Personal Access Token expiration **(ULTIMATE SELF)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214723) in GitLab Ultimate 13.1. > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214723) in GitLab Ultimate 13.1.
> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/296881) in GitLab 13.9. > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/296881) in GitLab 13.9.
GitLab administrators can choose to prevent personal access tokens from expiring By default, expired personal access tokens (PATs) cannot be used.
automatically. The tokens are usable after the expiry date, unless they are revoked explicitly. You can allow the use of expired PATs with the following steps:
To do this: To do this:
......
...@@ -21,7 +21,7 @@ Personal access tokens expire on the date you define, at midnight UTC. ...@@ -21,7 +21,7 @@ Personal access tokens expire on the date you define, at midnight UTC.
- GitLab runs a check at 01:00 AM UTC every day to identify personal access tokens that expire in under seven days. The owners of these tokens are notified by email. - GitLab runs a check at 01:00 AM UTC every day to identify personal access tokens that expire in under seven days. The owners of these tokens are notified by email.
- GitLab runs a check at 02:00 AM UTC every day to identify personal access tokens that expired on the current date. The owners of these tokens are notified by email. - GitLab runs a check at 02:00 AM UTC every day to identify personal access tokens that expired on the current date. The owners of these tokens are notified by email.
- In GitLab Ultimate, administrators may [limit the lifetime of personal access tokens](../admin_area/settings/account_and_limit_settings.md#limiting-lifetime-of-personal-access-tokens). - In GitLab Ultimate, administrators may [limit the lifetime of personal access tokens](../admin_area/settings/account_and_limit_settings.md#limiting-lifetime-of-personal-access-tokens).
- In GitLab Ultimate, administrators may [toggle enforcement of personal access token expiry](../admin_area/settings/account_and_limit_settings.md#optional-enforcement-of-personal-access-token-expiry). - In GitLab Ultimate, administrators may [toggle enforcement of personal access token expiration](../admin_area/settings/account_and_limit_settings.md#optional-non-enforcement-of-personal-access-token-expiration).
For examples of how you can use a personal access token to authenticate with the API, see the following section from our [API Docs](../../api/README.md#personalproject-access-tokens). For examples of how you can use a personal access token to authenticate with the API, see the following section from our [API Docs](../../api/README.md#personalproject-access-tokens).
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment