Add deprecation notice to SSH key info

6fea2cb7 · Evan Read · a2d53b3f · 6fea2cb7 · 6fea2cb7 · 6fea2cb7
Commit 6fea2cb7 authored May 07, 2021 by Evan Read
4 changed files
--- a/doc/user/admin_area/credentials_inventory.md
+++ b/doc/user/admin_area/credentials_inventory.md
@@ -33,7 +33,7 @@ The following is an example of the Credentials inventory page:

 If you see a **Revoke** button, you can revoke that user's PAT. Whether you see a **Revoke** button depends on the token state, and if an expiration date has been set. For more information, see the following table:

-| Token state | [Token expiration enforced?](settings/account_and_limit_settings.md#optional-non-enforcement-of-personal-access-token-expiration) | Show Revoke button? | Comments |
+| Token state | [Token expiration enforced?](settings/account_and_limit_settings.md#do-not-enforce-personal-access-token-expiration) | Show Revoke button? | Comments |
 |-------------|------------------------|--------------------|----------------------------------------------------------------------------|
 | Active      | Yes                    | Yes                | Allows administrators to revoke the PAT, such as for a compromised account |
 | Active      | No                     | Yes                | Allows administrators to revoke the PAT, such as for a compromised account |

--- a/doc/user/admin_area/settings/account_and_limit_settings.md
+++ b/doc/user/admin_area/settings/account_and_limit_settings.md
@@ -50,7 +50,7 @@ You can set a global prefix for all generated Personal Access Tokens.

 A prefix can help you identify PATs visually, as well as with automation tools.

-### Setting a prefix
+### Set a prefix

 Only a GitLab administrator can set the prefix, which is a global setting applied
 to any PAT generated in the system by any user:
@@ -148,7 +148,7 @@ To set a limit on how long these sessions are valid:
 1. Fill in the **Session duration for Git operations when 2FA is enabled (minutes)** field.
 1. Click **Save changes**.

-## Limiting lifetime of personal access tokens **(ULTIMATE SELF)**
+## Limit the lifetime of personal access tokens **(ULTIMATE SELF)**

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3649) in GitLab Ultimate 12.6.

@@ -160,7 +160,7 @@ Personal access tokens are the only tokens needed for programmatic access to Git
 However, organizations with security requirements may want to enforce more protection by
 requiring the regular rotation of these tokens.

-### Setting a lifetime
+### Set a lifetime

 Only a GitLab administrator can set a lifetime. Leaving it empty means
 there are no restrictions.
@@ -180,12 +180,16 @@ Once a lifetime for personal access tokens is set, GitLab:
  allowed lifetime. Three hours is given to allow administrators to change the allowed lifetime,
  or remove it, before revocation takes place.

-## Optional enforcement of SSH key expiration **(ULTIMATE SELF)**
+## Enforce SSH key expiration **(ULTIMATE SELF)**

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/250480) in GitLab 13.9.

 By default, expired SSH keys **can still be used**.
-You can prevent the use of expired SSH keys with the following steps:
+
+WARNING:
+Allowing use of expired SSH keys by default is deprecated and scheduled to change in GitLab 14.0.
+
+To prevent the use of expired SSH keys:

 1. Navigate to **Admin Area > Settings > General**.
 1. Expand the **Account and limit** section.
@@ -195,7 +199,7 @@ Enforcing SSH key expiration immediately disables all expired SSH keys.

 For more information, see the following issue on [SSH key expiration](https://gitlab.com/gitlab-org/gitlab/-/issues/320970).

-## Optional non-enforcement of Personal Access Token expiration **(ULTIMATE SELF)**
+## Do not enforce Personal Access Token expiration **(ULTIMATE SELF)**

 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214723) in GitLab Ultimate 13.1.
 > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/296881) in GitLab 13.9.
@@ -209,7 +213,7 @@ To do this:
 1. Expand the **Account and limit** section.
 1. Uncheck the **Enforce personal access token expiration** checkbox.

-## Disabling user profile name changes **(PREMIUM SELF)**
+## Disable user profile name changes **(PREMIUM SELF)**

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/24605) in GitLab 12.7.


--- a/doc/user/group/saml_sso/group_managed_accounts.md
+++ b/doc/user/group/saml_sso/group_managed_accounts.md
@@ -104,9 +104,11 @@ This expiration date is not a requirement, and can be set to any arbitrary date.

 Since personal access tokens are the only token needed for programmatic access to GitLab, organizations with security requirements may want to enforce more protection to require regular rotation of these tokens.

-### Setting a limit
+### Set a limit

-Only a GitLab administrator or an owner of a group-managed account can set a limit. When this field is left empty, the [instance-level restriction](../../admin_area/settings/account_and_limit_settings.md#limiting-lifetime-of-personal-access-tokens) on the lifetime of personal access tokens apply.
+Only a GitLab administrator or an owner of a group-managed account can set a limit. When this field
+is left empty, the [instance-level restriction](../../admin_area/settings/account_and_limit_settings.md#limit-the-lifetime-of-personal-access-tokens)
+on the lifetime of personal access tokens apply.

 To set a limit on how long personal access tokens are valid for users in a group managed account:


--- a/doc/user/profile/personal_access_tokens.md
+++ b/doc/user/profile/personal_access_tokens.md
@@ -79,8 +79,10 @@ Personal access tokens expire on the date you define, at midnight UTC.

 - GitLab runs a check at 01:00 AM UTC every day to identify personal access tokens that expire in the next seven days. The owners of these tokens are notified by email.
 - GitLab runs a check at 02:00 AM UTC every day to identify personal access tokens that expire on the current date. The owners of these tokens are notified by email.
- In GitLab Ultimate, administrators can [limit the lifetime of personal access tokens](../admin_area/settings/account_and_limit_settings.md#limiting-lifetime-of-personal-access-tokens).
- In GitLab Ultimate, administrators can choose whether or not to [enforce personal access token expiration](../admin_area/settings/account_and_limit_settings.md#optional-non-enforcement-of-personal-access-token-expiration).
+- In GitLab Ultimate, administrators can
+  [limit the lifetime of personal access tokens](../admin_area/settings/account_and_limit_settings.md#limit-the-lifetime-of-personal-access-tokens).
+- In GitLab Ultimate, administrators can choose whether or not to
+  [enforce personal access token expiration](../admin_area/settings/account_and_limit_settings.md#do-not-enforce-personal-access-token-expiration).

 ## Create a personal access token programmatically **(FREE SELF)**