src/docs/user/field/revoking_credentials.diviner
bin/auth revoke | bin/auth revoke | ||||
=============== | =============== | ||||
The `bin/auth revoke` tool revokes specified sets of credentials from | The `bin/auth revoke` tool revokes specified sets of credentials from | ||||
specified targets. For example, if you believe `@alice` may have had her SSH | specified targets. For example, if you believe `@alice` may have had her SSH | ||||
key compromised, you can revoke her keys like this: | key compromised, you can revoke her keys like this: | ||||
``` | ``` | ||||
phabricator/ $ ./bin/auth revoke --type ssh --from @alice | phorge/ $ ./bin/auth revoke --type ssh --from @alice | ||||
``` | ``` | ||||
The flag `--everything` revokes all credential types. | The flag `--everything` revokes all credential types. | ||||
The flag `--everywhere` revokes credentials from all objects. For most | The flag `--everywhere` revokes credentials from all objects. For most | ||||
credential types this means "all users", but some credentials (like SSH keys) | credential types this means "all users", but some credentials (like SSH keys) | ||||
can also be associated with other kinds of objects. | can also be associated with other kinds of objects. | ||||
Note that revocation can be disruptive (users must choose new passwords, | Note that revocation can be disruptive (users must choose new passwords, | ||||
generate new API tokens, configure new SSH keys, etc) and can not be easily | generate new API tokens, configure new SSH keys, etc) and can not be easily | ||||
undone if you perform an excessively broad revocation. | undone if you perform an excessively broad revocation. | ||||
You can use the `--list` flag to get a list of available credential types | You can use the `--list` flag to get a list of available credential types | ||||
which can be revoked. This includes upstream credential types, and may include | which can be revoked. This includes upstream credential types, and may include | ||||
third-party credential types if you have extensions installed. | third-party credential types if you have extensions installed. | ||||
To list all revokable credential types: | To list all revokable credential types: | ||||
``` | ``` | ||||
phabricator/ $ ./bin/auth revoke --list | phorge/ $ ./bin/auth revoke --list | ||||
``` | ``` | ||||
To get details about exactly how a specific revoker works: | To get details about exactly how a specific revoker works: | ||||
``` | ``` | ||||
phabricator/ $ ./bin/auth revoke --list --type ssh | phorge/ $ ./bin/auth revoke --list --type ssh | ||||
``` | ``` | ||||
Revocation vs Removal | Revocation vs Removal | ||||
===================== | ===================== | ||||
Generally, `bin/auth revoke` **revokes** credentials, rather than just deleting | Generally, `bin/auth revoke` **revokes** credentials, rather than just deleting | ||||
or removing them. That is, the credentials are moved to a permanent revocation | or removing them. That is, the credentials are moved to a permanent revocation | ||||
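Review bot: The prompt rename from `phabricator/` to `phorge/` is applied consistently to all three command examples in this region, but the surrounding text is otherwise left untouched; since the file is being edited anyway, the unchanged context "configure new SSH keys, etc) and can not be easily" would read better as "configure new SSH keys, etc.) and cannot be easily". The rest of the region needs no further change.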
compromise (where an attacker may have observed data transmitted over the | compromise (where an attacker may have observed data transmitted over the | ||||
network), you should revoke the `password`, `conduit`, `session`, and | network), you should revoke the `password`, `conduit`, `session`, and | ||||
`temporary` credentials for all users. This will revoke all credentials which | `temporary` credentials for all users. This will revoke all credentials which | ||||
are normally sent over the network. | are normally sent over the network. | ||||
You can revoke these credentials by running these commands: | You can revoke these credentials by running these commands: | ||||
``` | ``` | ||||
phabricator/ $ ./bin/auth revoke --type password --everywhere | phorge/ $ ./bin/auth revoke --type password --everywhere | ||||
phabricator/ $ ./bin/auth revoke --type conduit --everywhere | phorge/ $ ./bin/auth revoke --type conduit --everywhere | ||||
phabricator/ $ ./bin/auth revoke --type session --everywhere | phorge/ $ ./bin/auth revoke --type session --everywhere | ||||
phabricator/ $ ./bin/auth revoke --type temporary --everywhere | phorge/ $ ./bin/auth revoke --type temporary --everywhere | ||||
``` | ``` | ||||
Depending on the nature of the compromise you may also consider revoking `ssh` | Depending on the nature of the compromise you may also consider revoking `ssh` | ||||
credentials, although these are usually not sent over the network because | credentials, although these are usually not sent over the network because | ||||
they are asymmetric. | they are asymmetric. | ||||
**User Compromise**: If you believe a user's credentials have been compromised | **User Compromise**: If you believe a user's credentials have been compromised | ||||
(for example, maybe they lost a phone or laptop) you should revoke | (for example, maybe they lost a phone or laptop) you should revoke | ||||
`--everything` from their account. This will revoke all of their outstanding | `--everything` from their account. This will revoke all of their outstanding | ||||
credentials without affecting other users. | credentials without affecting other users. | ||||
You can revoke all credentials for a user by running this command: | You can revoke all credentials for a user by running this command: | ||||
``` | ``` | ||||
phabricator/ $ ./bin/auth revoke --everything --from @alice | phorge/ $ ./bin/auth revoke --everything --from @alice | ||||
``` | ``` |
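Review bot: The five prompts in this region are all renamed to `phorge/`, matching the first region, so the change is complete for this file. One documentation point while here: the Network Compromise paragraph presents `ssh` as an optional extra, whereas the User Compromise paragraph's `--everything --from @alice` example necessarily includes the `ssh` type (the first section defines `--everything` as revoking all credential types); a short clause in the User Compromise paragraph saying that this includes the user's SSH keys would make the difference between the two procedures explicit.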
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0