Create public endpoints for Instance, Group, and User Application secret rotation

Release notes

Problem to solve

Many large customers have requirements around periodic token rotation for all (Instance, User, and Group) Applications. Browsing in the web UI to each application and clicking "Renew Secret" does not scale will for hundreds of applications.

Proposal

The feature request proposes to expose public endpoints for the Application API using the recent community contribution to rotate OAuth tokens.

The Application API currently covers list, add, and delete endpoints. The feature would extend the functionality to include an OAuth token rotation endpoint rotateToken ("Renew Secret" in the UI) for Instance/Group/User Apps for customers on Self-managed instances.

Intended users

Feature Usage Metrics

Does this feature require an audit event?

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.