Changeset View
Changeset View
Standalone View
Standalone View
src/docs/user/field/revoking_credentials.diviner
| Show All 15 Lines | |||||
| bin/auth revoke | bin/auth revoke | ||||
| =============== | =============== | ||||
| The `bin/auth revoke` tool revokes specified sets of credentials from | The `bin/auth revoke` tool revokes specified sets of credentials from | ||||
| specified targets. For example, if you believe `@alice` may have had her SSH | specified targets. For example, if you believe `@alice` may have had her SSH | ||||
| key compromised, you can revoke her keys like this: | key compromised, you can revoke her keys like this: | ||||
| ``` | ``` | ||||
| phabricator/ $ ./bin/auth revoke --type ssh --from @alice | phorge/ $ ./bin/auth revoke --type ssh --from @alice | ||||
| ``` | ``` | ||||
| The flag `--everything` revokes all credential types. | The flag `--everything` revokes all credential types. | ||||
| The flag `--everywhere` revokes credentials from all objects. For most | The flag `--everywhere` revokes credentials from all objects. For most | ||||
| credential types this means "all users", but some credentials (like SSH keys) | credential types this means "all users", but some credentials (like SSH keys) | ||||
| can also be associated with other kinds of objects. | can also be associated with other kinds of objects. | ||||
| Note that revocation can be disruptive (users must choose new passwords, | Note that revocation can be disruptive (users must choose new passwords, | ||||
| generate new API tokens, configure new SSH keys, etc) and can not be easily | generate new API tokens, configure new SSH keys, etc) and can not be easily | ||||
| undone if you perform an excessively broad revocation. | undone if you perform an excessively broad revocation. | ||||
| You can use the `--list` flag to get a list of available credential types | You can use the `--list` flag to get a list of available credential types | ||||
| which can be revoked. This includes upstream credential types, and may include | which can be revoked. This includes upstream credential types, and may include | ||||
| third-party credential types if you have extensions installed. | third-party credential types if you have extensions installed. | ||||
| To list all revokable credential types: | To list all revokable credential types: | ||||
| ``` | ``` | ||||
| phabricator/ $ ./bin/auth revoke --list | phorge/ $ ./bin/auth revoke --list | ||||
| ``` | ``` | ||||
| To get details about exactly how a specific revoker works: | To get details about exactly how a specific revoker works: | ||||
| ``` | ``` | ||||
| phabricator/ $ ./bin/auth revoke --list --type ssh | phorge/ $ ./bin/auth revoke --list --type ssh | ||||
| ``` | ``` | ||||
| Revocation vs Removal | Revocation vs Removal | ||||
| ===================== | ===================== | ||||
| Generally, `bin/auth revoke` **revokes** credentials, rather than just deleting | Generally, `bin/auth revoke` **revokes** credentials, rather than just deleting | ||||
| or removing them. That is, the credentials are moved to a permanent revocation | or removing them. That is, the credentials are moved to a permanent revocation | ||||
| Show All 15 Lines | |||||
| compromise (where an attacker may have observed data transmitted over the | compromise (where an attacker may have observed data transmitted over the | ||||
| network), you should revoke the `password`, `conduit`, `session`, and | network), you should revoke the `password`, `conduit`, `session`, and | ||||
| `temporary` credentials for all users. This will revoke all credentials which | `temporary` credentials for all users. This will revoke all credentials which | ||||
| are normally sent over the network. | are normally sent over the network. | ||||
| You can revoke these credentials by running these commands: | You can revoke these credentials by running these commands: | ||||
| ``` | ``` | ||||
| phabricator/ $ ./bin/auth revoke --type password --everywhere | phorge/ $ ./bin/auth revoke --type password --everywhere | ||||
| phabricator/ $ ./bin/auth revoke --type conduit --everywhere | phorge/ $ ./bin/auth revoke --type conduit --everywhere | ||||
| phabricator/ $ ./bin/auth revoke --type session --everywhere | phorge/ $ ./bin/auth revoke --type session --everywhere | ||||
| phabricator/ $ ./bin/auth revoke --type temporary --everywhere | phorge/ $ ./bin/auth revoke --type temporary --everywhere | ||||
| ``` | ``` | ||||
| Depending on the nature of the compromise you may also consider revoking `ssh` | Depending on the nature of the compromise you may also consider revoking `ssh` | ||||
| credentials, although these are usually not sent over the network because | credentials, although these are usually not sent over the network because | ||||
| they are asymmetric. | they are asymmetric. | ||||
| **User Compromise**: If you believe a user's credentials have been compromised | **User Compromise**: If you believe a user's credentials have been compromised | ||||
| (for example, maybe they lost a phone or laptop) you should revoke | (for example, maybe they lost a phone or laptop) you should revoke | ||||
| `--everything` from their account. This will revoke all of their outstanding | `--everything` from their account. This will revoke all of their outstanding | ||||
| credentials without affecting other users. | credentials without affecting other users. | ||||
| You can revoke all credentials for a user by running this command: | You can revoke all credentials for a user by running this command: | ||||
| ``` | ``` | ||||
| phabricator/ $ ./bin/auth revoke --everything --from @alice | phorge/ $ ./bin/auth revoke --everything --from @alice | ||||
| ``` | ``` | ||||
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0