Page MenuHomePhabricator

Document the "bin/auth revoke" tool
ClosedPublic

Authored by epriestley on Jan 22 2018, 6:15 PM.

Details

Summary

Depends on D18910. Ref T13043. Provides reasonable user-facing documentation about the general role and utility of this tool.

Test Plan

Read document.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

  • Add --list examples.
  • Clarify revocation list language.
  • Clarify sequencing in network example.

The tone of this doc is a little glib and light for documentation that will frequently be viewed in an emergency. I get that "You might do this with these commands:" is intended to suggest there are multiple ways to achieve the same result, but could also convey the impression that this set of commands might not actually accomplish the desired result. This page should give an administrator the warm fuzzies after carrying out the suggested steps.

src/docs/user/field/revoking_credentials.diviner
40

"extensions"

67

"tooling"?

76–77

"you should revoke" instead of "you may want to"

83–86

Just for the record, the result of the above is the same as --everything --everywhere, except the above keeps SSH keys, right?

93–94

"If you believe a user's credentials have been compromised" makes more sense than "affected by a compromise".

Also, "you should revoke" instead of "you may want to".

104–106

Too snarky for emergency documentation.

This revision now requires changes to proceed.Jan 23 2018, 8:42 PM
src/docs/user/field/revoking_credentials.diviner
67

Reworded "no toolset available" to "are no tools available".

76–77

Yeah, future changes and hypothetical third-party stuff excepted.

  • Be more direct about what to do and how to do it.

The cost of over-revoking is ultimately small so I think this is generally reasonable anyway.

This revision is now accepted and ready to land.Jan 23 2018, 9:17 PM
This revision was automatically updated to reflect the committed changes.