omni icon indicating copy to clipboard operation
omni copied to clipboard
verified publisher icon siderolabs

[feature] Ability to revoke public keys for user

Open steverfrancis opened this issue 1 month ago • 2 comments

Problem Description

If a user has authenticated themselves to Omni via using omnictl, etc, there is currently no way to revoke that access until the 8 hour default expiry has passed. The user logging out of the UI in Omni does not affect their omnictl access.

Solution

No response

Alternative Solutions

No response

Notes

No response

steverfrancis avatar Nov 18 '25 03:11 steverfrancis

@rothgar @Unix4ever page in the UI showing "List of public keys" and "Last used x time ago" with a "Revoke" button?

Slessi avatar Nov 26 '25 12:11 Slessi

I don't think it's possible to query the keys right now. I think the solution should be that if you delete the user it immediately drops all related user keys. So maybe we don't even need a UI for that.

Unix4ever avatar Nov 26 '25 13:11 Unix4ever

How does deleting a user work with external authentication sources? If someone has a group/labels for access to Omni I don't think there's any way to query the source and remove access from Omni

rothgar avatar Nov 26 '25 16:11 rothgar