Merge branch...

Merge branch '214811-add-revoke-buttons-to-the-pat-tab-of-the-credential-inventory-doc-update' into 'master' Docs: Add Revoke buttons to the PAT tab of the credential inventory See merge request gitlab-org/gitlab!41090

Merge branch...
Merge branch '214811-add-revoke-buttons-to-the-pat-tab-of-the-credential-inventory-doc-update' into 'master' Docs: Add Revoke buttons to the PAT tab of the credential inventory See merge request gitlab-org/gitlab!41090
9759ad78 · Achilleas Pipinellis · 9a87d148 · 267cedc1 · 9759ad78 · 9a87d148
Commit 9759ad78 authored Sep 10, 2020 by Achilleas Pipinellis
3 changed files
--- a/doc/user/admin_area/credentials_inventory.md
+++ b/doc/user/admin_area/credentials_inventory.md
@@ -13,7 +13,7 @@ type: howto

 GitLab administrators are responsible for the overall security of their instance. To assist, GitLab provides a Credentials inventory to keep track of all the credentials that can be used to access their self-managed instance.

-Using Credentials inventory, GitLab administrators can see all the personal access tokens and SSH keys that exist in their instance and:
+Using Credentials inventory, you can see all the personal access tokens (PAT) and SSH keys that exist in your GitLab instance. In addition, you can [revoke them](#revoke-a-users-personal-access-token) and see:

 - Who they belong to.
 - Their access scope.
@@ -25,4 +25,19 @@ To access the Credentials inventory, navigate to **Admin Area > Credentials**.

 The following is an example of the Credentials inventory page:

-![Credentials inventory page](img/credentials_inventory_v13_2.png)
+![Credentials inventory page](img/credentials_inventory_v13_4.png)
+
+## Revoke a user's personal access token
+
+[Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214811) in GitLab 13.4.
+
+If you see a **Revoke** button, you can revoke that user's PAT. Whether you see a **Revoke** button depends on the token state, and if an expiration date has been set. For more information, see the following table:
+
+| Token state | [Token expiry enforced?](settings/account_and_limit_settings.md#optional-enforcement-of-personal-access-token-expiry) | Show Revoke button? | Comments |
+|-------------|------------------------|--------------------|----------------------------------------------------------------------------|
+| Active      | Yes                    | Yes                | Allows administrators to revoke the PAT, such as for a compromised account |
+| Active      | No                     | Yes                | Allows administrators to revoke the PAT, such as for a compromised account |
+| Expired     | Yes                    | No                 | PAT expires automatically                                                  |                                      
+| Expired     | No                     | Yes                | The administrator may revoke the PAT to prevent indefinite use             | 
+| Revoked     | Yes                    | No                 | Not applicable; token is already revoked                                   | 
+| Revoked     | No                     | No                 | Not applicable; token is already revoked                                   |                                                               
--- a/doc/user/admin_area/img/credentials_inventory_v13_2.png
+++ b/doc/user/admin_area/img/credentials_inventory_v13_2.png
--- a/doc/user/admin_area/img/credentials_inventory_v13_4.png
+++ b/doc/user/admin_area/img/credentials_inventory_v13_4.png