Nugetgallery: [Organization] Show API keys and push summary associated with an organization

Created on 3 Apr 2018  路  5Comments  路  Source: NuGet/NuGetGallery

Based on feedback.
Updated 11/12/2018:
Summarizing the requirements below:

  1. Show all the API keys along with the following properties on the Organization's page:

    • Expiry

    • Pattern

    • Number of uses/pushes

    • Owner of the keys

  2. An option to expire the keys
Gallery UI Feature
Source
picture anangaur

Most helpful comment

From our perspective, keys are shared. We have several release engineers that manage keys for our CI systems. If we need to revoke a key I would want any release engineer to be able to do the task. We should not have to track down the creator of the key. My opinion based on how we work.

Admins should be able to see all keys (the fact they exist, not the key value) in the org and delete them.

picture bholmes on 18 May 2018
👍3

All 5 comments

Can you explain what you mean by an "API keys and push summary"?

Do we want to show all API keys that any user has created that is scoped to an organization?
What does the push summary contain? We already have https://github.com/NuGet/NuGetGallery/issues/4887

scottbommarito picture scottbommarito on 5 Apr 2018

There was a desire to be able to see all the API keys (names) created by all members scoped to that org, together.

anangaur picture anangaur on 5 Apr 2018
👍2

In addition state if the API keys was ever used and if used how many times for each of the API keys.

anangaur picture anangaur on 5 Apr 2018

Regarding showing the usage of API keys, we don't maintain this data right now--we only maintain what user uploaded a package, not the method (UI/API key).

scottbommarito picture scottbommarito on 5 Apr 2018

From our perspective, keys are shared. We have several release engineers that manage keys for our CI systems. If we need to revoke a key I would want any release engineer to be able to do the task. We should not have to track down the creator of the key. My opinion based on how we work.

Admins should be able to see all keys (the fact they exist, not the key value) in the org and delete them.

bholmes picture bholmes on 18 May 2018
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

pranavkm picture pranavkm  路  5Comments
anangaur picture anangaur  路  5Comments
skofman1 picture skofman1  路  4Comments
304NotModified picture 304NotModified  路  3Comments
304NotModified picture 304NotModified  路  3Comments