2020-06-23 00:09:42 +05:30
---
stage: Manage
2022-04-04 11:22:00 +05:30
group: Authentication and Authorization
2021-02-22 17:27:13 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
2020-06-23 00:09:42 +05:30
type: howto
---
2021-03-11 19:13:27 +05:30
# Credentials inventory **(ULTIMATE SELF)**
2020-01-01 13:55:28 +05:30
2022-05-07 20:08:51 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20912) in GitLab 12.6.
> - [Bot-created access tokens not displayed in personal access token list](https://gitlab.com/gitlab-org/gitlab/-/issues/351759) in GitLab 14.9.
2020-01-01 13:55:28 +05:30
2021-09-04 01:27:46 +05:30
GitLab administrators are responsible for the overall security of their instance. To assist, GitLab
provides a Credentials inventory to keep track of all the credentials that can be used to access
their self-managed instance.
2020-01-01 13:55:28 +05:30
2022-04-04 11:22:00 +05:30
Use Credentials inventory to see for your GitLab instance all:
- Personal access tokens (PAT).
- Project access tokens (GitLab 14.8 and later).
- SSH keys.
- GPG keys.
You can also [revoke ](#revoke-a-users-personal-access-token ) and [delete ](#delete-a-users-ssh-key ) and see:
2020-01-01 13:55:28 +05:30
- Who they belong to.
- Their access scope.
- Their usage pattern.
2020-07-28 23:09:34 +05:30
- When they expire. [Introduced ](https://gitlab.com/gitlab-org/gitlab/-/issues/214809 ) in GitLab 13.2.
- When they were revoked. [Introduced ](https://gitlab.com/gitlab-org/gitlab/-/issues/214809 ) in GitLab 13.2.
2020-01-01 13:55:28 +05:30
2021-09-04 01:27:46 +05:30
To access the Credentials inventory:
2021-11-11 11:23:49 +05:30
1. On the top bar, select **Menu > Admin** .
2021-09-04 01:27:46 +05:30
1. On the left sidebar, select **Credentials** .
2020-01-01 13:55:28 +05:30
2020-11-24 15:15:51 +05:30
## Revoke a user's personal access token
2021-01-03 14:25:43 +05:30
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214811) in GitLab 13.4.
2020-11-24 15:15:51 +05:30
If you see a **Revoke** button, you can revoke that user's PAT. Whether you see a **Revoke** button depends on the token state, and if an expiration date has been set. For more information, see the following table:
2022-04-04 11:22:00 +05:30
| Token state | [Token expiration enforced? ](settings/account_and_limit_settings.md#allow-expired-personal-access-tokens-to-be-used-deprecated ) | Show Revoke button? | Comments |
2020-11-24 15:15:51 +05:30
|-------------|------------------------|--------------------|----------------------------------------------------------------------------|
| Active | Yes | Yes | Allows administrators to revoke the PAT, such as for a compromised account |
| Active | No | Yes | Allows administrators to revoke the PAT, such as for a compromised account |
2021-01-03 14:25:43 +05:30
| Expired | Yes | No | PAT expires automatically |
| Expired | No | Yes | The administrator may revoke the PAT to prevent indefinite use |
| Revoked | Yes | No | Not applicable; token is already revoked |
| Revoked | No | No | Not applicable; token is already revoked |
2021-01-29 00:20:46 +05:30
When a PAT is revoked from the credentials inventory, the instance notifies the user by email.
2022-05-07 20:08:51 +05:30
![Credentials inventory page - Personal access tokens ](img/credentials_inventory_personal_access_tokens_v14_9.png )
2022-04-04 11:22:00 +05:30
## Revoke a user's project access token
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/243833) in GitLab 14.8.
The **Revoke** button next to a project access token can be selected to revoke that particular project access token. This will both:
- Revoke the token project access token.
- Enqueue a background worker to delete the project bot user.
2022-05-07 20:08:51 +05:30
![Credentials inventory page - Project access tokens ](img/credentials_inventory_project_access_tokens_v14_9.png )
2021-01-03 14:25:43 +05:30
## Delete a user's SSH key
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/225248) in GitLab 13.5.
You can **Delete** a user's SSH key by navigating to the credentials inventory's SSH Keys tab.
2021-01-29 00:20:46 +05:30
The instance then notifies the user.
2021-01-03 14:25:43 +05:30
2022-05-07 20:08:51 +05:30
![Credentials inventory page - SSH keys ](img/credentials_inventory_ssh_keys_v14_9.png )
2021-04-17 20:07:23 +05:30
## Review existing GPG keys
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/282429) in GitLab 13.10.
2021-06-08 01:23:25 +05:30
> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/292961) in GitLab 13.12.
2021-04-29 21:17:54 +05:30
You can view all existing GPG in your GitLab instance by navigating to the
2021-04-17 20:07:23 +05:30
credentials inventory GPG Keys tab, as well as the following properties:
- Who the GPG key belongs to.
- The ID of the GPG key.
- Whether the GPG key is [verified or unverified ](../project/repository/gpg_signed_commits/index.md )
2022-05-07 20:08:51 +05:30
![Credentials inventory page - GPG keys ](img/credentials_inventory_gpg_keys_v14_9.png )