Commit 3b1f6655 authored by Evan Read

Merge branch 'doc-fix-ssh-pat-expiration-settings' into 'master'

Tweak wording on SSH and PAT expiration settings

See merge request gitlab-org/gitlab!64477
parents f4aec663 9c43bab1
...@@ -38,7 +38,7 @@ The following is an example of the Credentials inventory page: ...@@ -38,7 +38,7 @@ The following is an example of the Credentials inventory page:
If you see a **Revoke** button, you can revoke that user's PAT. Whether you see a **Revoke** button depends on the token state, and if an expiration date has been set. For more information, see the following table: If you see a **Revoke** button, you can revoke that user's PAT. Whether you see a **Revoke** button depends on the token state, and if an expiration date has been set. For more information, see the following table:
| Token state | [Token expiration enforced?](settings/account_and_limit_settings.md#do-not-enforce-personal-access-token-expiration) | Show Revoke button? | Comments | | Token state | [Token expiration enforced?](settings/account_and_limit_settings.md#allow-expired-personal-access-tokens-to-be-used) | Show Revoke button? | Comments |
|-------------|------------------------|--------------------|----------------------------------------------------------------------------| |-------------|------------------------|--------------------|----------------------------------------------------------------------------|
| Active | Yes | Yes | Allows administrators to revoke the PAT, such as for a compromised account | | Active | Yes | Yes | Allows administrators to revoke the PAT, such as for a compromised account |
| Active | No | Yes | Allows administrators to revoke the PAT, such as for a compromised account | | Active | No | Yes | Allows administrators to revoke the PAT, such as for a compromised account |
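Review bot: In the table header, the column is still titled "Token expiration enforced?" while its link now targets `#allow-expired-personal-access-tokens-to-be-used`, a heading phrased with the opposite polarity. A reader who follows the link from a "Yes" cell lands on a setting where turning it on means expired tokens work. Consider retitling the column to match the new heading, or stating in the Comments column how "enforced" maps onto the allow-expired setting.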
......
...@@ -199,7 +199,7 @@ Once a lifetime for personal access tokens is set, GitLab: ...@@ -199,7 +199,7 @@ Once a lifetime for personal access tokens is set, GitLab:
allowed lifetime. Three hours is given to allow administrators to change the allowed lifetime, allowed lifetime. Three hours is given to allow administrators to change the allowed lifetime,
or remove it, before revocation takes place. or remove it, before revocation takes place.
## Enforce SSH key expiration **(ULTIMATE SELF)** ## Allow expired SSH keys to be used **(ULTIMATE SELF)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/250480) in GitLab 13.9. > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/250480) in GitLab 13.9.
> - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/320970) in GitLab 14.0. > - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/320970) in GitLab 14.0.
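Review bot: Under the renamed heading "Allow expired SSH keys to be used", the unchanged history note "Enabled by default in GitLab 14.0" can now be read as saying that allowing expired keys is the default. Under the old heading "Enforce SSH key expiration" it read as enforcement being the default, so please spell out in the note what was enabled. The rename also changes the heading's generated anchor, and the visible hunks only update links for the PAT heading, so it is worth checking for inbound links to `#enforce-ssh-key-expiration`.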
...@@ -215,15 +215,14 @@ To allow the use of expired SSH keys: ...@@ -215,15 +215,14 @@ To allow the use of expired SSH keys:
Disabling SSH key expiration immediately enables all expired SSH keys. Disabling SSH key expiration immediately enables all expired SSH keys.
## Do not enforce Personal Access Token expiration **(ULTIMATE SELF)** ## Allow expired Personal Access Tokens to be used **(ULTIMATE SELF)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214723) in GitLab Ultimate 13.1. > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214723) in GitLab Ultimate 13.1.
> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/296881) in GitLab 13.9. > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/296881) in GitLab 13.9.
By default, expired personal access tokens (PATs) cannot be used. By default, expired personal access tokens (PATs) **are not usable**.
You can allow the use of expired PATs with the following steps:
To do this: To allow the use of expired PATs:
1. On the top bar, select **Menu >** **{admin}** **Admin**. 1. On the top bar, select **Menu >** **{admin}** **Admin**.
1. In the left sidebar, select **Settings > General**. 1. In the left sidebar, select **Settings > General**.
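Review bot: The unchanged sentence at the top of this hunk, "Disabling SSH key expiration immediately enables all expired SSH keys", keeps the old enforce/disable framing even though both sections are now titled in terms of allowing expired credentials. Since this is the line that tells an administrator about the immediate effect of the setting, suggest rewording it in the new terms, for example "Allowing expired SSH keys immediately makes all expired SSH keys usable again", so the warning matches the setting name used in the heading and the steps.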
......
...@@ -16,7 +16,7 @@ If you're unable to use [OAuth2](../../api/oauth2.md), you can use a personal ac ...@@ -16,7 +16,7 @@ If you're unable to use [OAuth2](../../api/oauth2.md), you can use a personal ac
In both cases, you authenticate with a personal access token in place of your password. In both cases, you authenticate with a personal access token in place of your password.
Personal access tokens are required when [Two-Factor Authentication (2FA)](account/two_factor_authentication.md) is enabled. Personal access tokens are required when [Two-Factor Authentication (2FA)](account/two_factor_authentication.md) is enabled.
For examples of how you can use a personal access token to authenticate with the API, see the [API documentation](../../api/README.md#personalproject-access-tokens). For examples of how you can use a personal access token to authenticate with the API, see the [API documentation](../../api/README.md#personalproject-access-tokens).
...@@ -82,7 +82,7 @@ Personal access tokens expire on the date you define, at midnight UTC. ...@@ -82,7 +82,7 @@ Personal access tokens expire on the date you define, at midnight UTC.
- In GitLab Ultimate, administrators can - In GitLab Ultimate, administrators can
[limit the lifetime of personal access tokens](../admin_area/settings/account_and_limit_settings.md#limit-the-lifetime-of-personal-access-tokens). [limit the lifetime of personal access tokens](../admin_area/settings/account_and_limit_settings.md#limit-the-lifetime-of-personal-access-tokens).
- In GitLab Ultimate, administrators can choose whether or not to - In GitLab Ultimate, administrators can choose whether or not to
[enforce personal access token expiration](../admin_area/settings/account_and_limit_settings.md#do-not-enforce-personal-access-token-expiration). [enforce personal access token expiration](../admin_area/settings/account_and_limit_settings.md#allow-expired-personal-access-tokens-to-be-used).
## Create a personal access token programmatically **(FREE SELF)** ## Create a personal access token programmatically **(FREE SELF)**
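Review bot: In the last bullet, the link text still reads "choose whether or not to enforce personal access token expiration" although the target is now `#allow-expired-personal-access-tokens-to-be-used`. Suggest rewording the bullet along the lines of "administrators can allow expired personal access tokens to be used" so that the link text and the destination heading describe the setting the same way.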
...@@ -104,10 +104,10 @@ To create a personal access token programmatically: ...@@ -104,10 +104,10 @@ To create a personal access token programmatically:
``` ```
1. Run the following commands to reference the username, the token, and the scopes. 1. Run the following commands to reference the username, the token, and the scopes.
The token must be 20 characters long. The scopes must be valid and are visible The token must be 20 characters long. The scopes must be valid and are visible
[in the source code](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/auth.rb). [in the source code](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/auth.rb).
For example, to create a token that belongs to a user with username `automation-bot`: For example, to create a token that belongs to a user with username `automation-bot`:
```ruby ```ruby
...@@ -141,7 +141,7 @@ To revoke a token programmatically: ...@@ -141,7 +141,7 @@ To revoke a token programmatically:
```shell ```shell
sudo gitlab-rails console sudo gitlab-rails console
``` ```
1. To revoke a token of `token-string-here123`, run the following commands: 1. To revoke a token of `token-string-here123`, run the following commands:
```ruby ```ruby
......