diff options
Diffstat (limited to 'doc/user/admin_area/credentials_inventory.md')
-rw-r--r-- | doc/user/admin_area/credentials_inventory.md | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/doc/user/admin_area/credentials_inventory.md b/doc/user/admin_area/credentials_inventory.md index 9259c93cfa3..7f2d49dafea 100644 --- a/doc/user/admin_area/credentials_inventory.md +++ b/doc/user/admin_area/credentials_inventory.md @@ -13,7 +13,7 @@ type: howto GitLab administrators are responsible for the overall security of their instance. To assist, GitLab provides a Credentials inventory to keep track of all the credentials that can be used to access their self-managed instance. -Using Credentials inventory, GitLab administrators can see all the personal access tokens and SSH keys that exist in their instance and: +Using Credentials inventory, you can see all the personal access tokens (PAT) and SSH keys that exist in your GitLab instance. In addition, you can [revoke them](#revoke-a-users-personal-access-token) and see: - Who they belong to. - Their access scope. @@ -25,4 +25,19 @@ To access the Credentials inventory, navigate to **Admin Area > Credentials**. The following is an example of the Credentials inventory page: -![Credentials inventory page](img/credentials_inventory_v13_2.png) +![Credentials inventory page](img/credentials_inventory_v13_4.png) + +## Revoke a user's personal access token + +[Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214811) in GitLab 13.4. + +If you see a **Revoke** button, you can revoke that user's PAT. Whether you see a **Revoke** button depends on the token state, and if an expiration date has been set. For more information, see the following table: + +| Token state | [Token expiry enforced?](settings/account_and_limit_settings.md#optional-enforcement-of-personal-access-token-expiry) | Show Revoke button? | Comments | +|-------------|------------------------|--------------------|----------------------------------------------------------------------------| +| Active | Yes | Yes | Allows administrators to revoke the PAT, such as for a compromised account | +| Active | No | Yes | Allows administrators to revoke the PAT, such as for a compromised account | +| Expired | Yes | No | PAT expires automatically | +| Expired | No | Yes | The administrator may revoke the PAT to prevent indefinite use | +| Revoked | Yes | No | Not applicable; token is already revoked | +| Revoked | No | No | Not applicable; token is already revoked | |