Enable masking of newly created access tokens (!101385) · Merge requests · GitLab.org / GitLab

Eduardo Sanz García requested to merge eduardosanz/enable-masked-tokens into master Oct 18, 2022

What does this MR do and why?

For security reason is better hide (mask) the newly created tokens. It affects all access tokens: personal/group/project/impersonation.

Closes #360921 (closed)

Closes #350590 (closed)

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Newly created token before

Newly created token after

How to set up and validate locally

Create a new token in any of the following types:

Personal access token: https://gdk.test:3443/-/profile/personal_access_tokens
Group access token: https://gdk.test:3443/groups/flightjs/-/settings/access_tokens
Project access token: https://gdk.test:3443/flightjs/Flight/-/settings/access_tokens
Impersonation token: https://gdk.test:3443/admin/users/merle_schinner/impersonation_tokens

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Oct 18, 2022 by Eduardo Sanz García

Enable masking of newly created access tokens