Personal access token expiry policy
Description
A customer asked if an admin can enforce expiration requirements for personal access tokens. Currently users can optionally specify an expiry date.
It would be handy if an admin could optionally configure a minimum expiry requirement.
For time being @smcgivern provided a work around (untested):
gitlab-rails r 'PersonalAccessToken.active.where(expires_at: nil).update_all(expires_at: 1.week.from_now)'
Proposal
Links / references
Documentation blurb
Overview
What is it? Why should someone use this feature? What is the underlying (business) problem? How do you use this feature?
Use cases
Who is this for? Provide one or more use cases.
Feature checklist
Make sure these are completed before closing the issue, with a link to the relevant commit.
-
Feature assurance -
Documentation -
Added to features.yml