diff --git a/doc/administration/credentials_inventory.md b/doc/administration/credentials_inventory.md index 2b2dd608154f464080fc90a42c42b4f502e933d6..9650a40276706925cdaee5965b2d75ddd2af07de 100644 --- a/doc/administration/credentials_inventory.md +++ b/doc/administration/credentials_inventory.md 
@@ -12,78 +12,78 @@ title: Credentials inventory for GitLab Self-Managed {{< /details >}} -As a GitLab administrator, you are responsible for the overall security of your instance. -To assist, GitLab provides an inventory of all the credentials that can be used to access -your GitLab Self-Managed instance. +{{< history >}} -This page describes how to manage the credentials inventory for GitLab Self-Managed. To manage credentials on GitLab.com, see [Credentials inventory for GitLab.com](../user/group/credentials_inventory.md). +- Group access tokens [added](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/102959) in GitLab 15.6. -In the credentials inventory, you can view all: +{{< /history >}} -- Personal access tokens (PATs). -- Project access tokens -- Group access tokens ([introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/102959) in GitLab 15.6). -- SSH keys. -- GPG keys. +{{< alert type="note" >}} -You can also [revoke](#revoke-a-users-personal-access-token), [delete](#delete-a-users-ssh-key), and view: +For GitLab.com, see [Credentials inventory for GitLab.com](../user/group/credentials_inventory.md). -- Who they belong to. -- Their access scope. -- Their usage pattern. -- When they: - - Expire. - - Were revoked. +{{< /alert >}} -## Revoke a user's personal access token +Use the credentials inventory to monitor and control access to your GitLab self-managed instance. -You can revoke a user's personal access token. +As an administrator, you can: -1. On the left sidebar, at the bottom, select **Admin**. -1. Select **Credentials**. -1. By the personal access token, select **Revoke**. +- Revoke personal or project access tokens. +- Delete SSH keys. +- Review credential details including: + - Ownership. + - Access scopes. + - Usage patterns. + - Expiration dates. + - Revocation dates. + +## Revoke personal access tokens -If a **Revoke** button is not available, the token may be expired or revoked, or an expiration date set. 
+To revoke a personal access token in your instance: -| Token state | Revoke button displayed? | Comments | -|-------------|--------------------------|----------------------------------------------------------------------------| -| Active | Yes | Allows administrators to revoke the PAT, such as for a compromised account | -| Expired | No | Not applicable; token is already expired | -| Revoked | No | Not applicable; token is already revoked | +1. On the left sidebar, at the bottom, select **Admin**. +1. Select **Credentials**. +1. Next to the personal access token, select **Revoke**. + If the token was previously expired or revoked, you'll see the date this happened instead. -When a PAT is revoked from the credentials inventory, the instance notifies the user by email. +The access token is revoked and the user is notified by email.  -## Revoke a user's project access token +## Revoke project access tokens + +To revoke a project access token in your instance: 1. On the left sidebar, at the bottom, select **Admin**. 1. Select **Credentials**. 1. Select the **Project access tokens** tab. -1. By the project access token, select **Revoke**. +1. Next to the project access token, select **Revoke**. -The project access token is revoked and a background worker is queued to delete the project bot user. +The access token is revoked and a background process begins to delete the associated project bot user.  -## Delete a user's SSH key +## Delete SSH keys + +To delete an SSH key in your instance: 1. On the left sidebar, at the bottom, select **Admin**. 1. Select **Credentials**. 1. Select the **SSH Keys** tab. -1. By the SSH key, select **Delete**. +1. Next to the SSH key, select **Delete**. -The instance notifies the user. +The SSH key is deleted and the user is notified.  -## Review existing GPG keys +## View GPG keys + +You can see details for each GPG key including the owner, ID, and [verification status](../user/project/repository/signed_commits/gpg.md). 
-You can view all existing GPG in your GitLab instance by going to the -credentials inventory GPG Keys tab, as well as the following properties: +To view information about GPG keys in your instance: -- Who the GPG key belongs to. -- The ID of the GPG key. -- Whether the GPG key is [verified or unverified](../user/project/repository/signed_commits/gpg.md). +1. On the left sidebar, at the bottom, select **Admin**. +1. Select **Credentials**. +1. Select the **GPG Keys** tab.  diff --git a/doc/user/group/credentials_inventory.md b/doc/user/group/credentials_inventory.md index 97c6c2966b3f421103207e683f632d50e3dbf3f4..25367596a3f694d12d529fc21e374dca83b28c86 100644 --- a/doc/user/group/credentials_inventory.md +++ b/doc/user/group/credentials_inventory.md 
@@ -18,61 +18,52 @@ title: Credentials inventory for GitLab.com {{< /history >}} -As a GitLab.com top-level group owner, you are responsible for the overall security of your groups and projects. -To assist, GitLab provides an inventory of all the credentials that can be used to access your groups and projects. +{{< alert type="note" >}} -This page describes how to manage the credentials inventory for GitLab.com. To manage credentials on GitLab Self-Managed, see [Credentials inventory for GitLab Self-Managed](../../administration/credentials_inventory.md). +For GitLab Self-Managed, see [Credentials inventory for GitLab Self-Managed](../../administration/credentials_inventory.md). -In the credentials inventory, you can view: +{{< /alert >}} -- For [enterprise users](../enterprise_user/_index.md): - - Personal access tokens (PATs). - - SSH keys. +Use the credentials inventory to monitor and control access to your groups and projects for GitLab.com. -You can also: +As the Owner for a top-level group, you can: -- [Revoke a personal access token](#revoke-a-users-personal-access-token). -- [Delete a user's SSH key](#delete-a-users-ssh-key). -- View the following information about access tokens: - - Who they belong to. - - Their access scope. - - Their usage pattern. - - When they: - - Expire. - - Were revoked. +- Revoke personal access tokens. +- Delete SSH keys. +- Review credential details for your [enterprise users](../enterprise_user/_index.md) including: + - Ownership. + - Access scopes. + - Usage patterns. + - Expiration dates. + - Revocation dates. -## Revoke a user's personal access token +## Revoke personal access tokens -You can revoke an enterprise user's personal access token. +To revoke personal access tokens for enterprise users in your group: 1. On the left sidebar, select **Secure**. 1. Select **Credentials**. -1. By the personal access token, select **Revoke**. +1. Next to the personal access token, select **Revoke**. 
+ If the token was previously expired or revoked, you'll see the date this happened instead. -If a **Revoke** option is not available, the token might already be revoked or have expired, or have an expiration date set. - -| Token state | **Revoke** option displayed? | Comments | -|-------------|------------------------------|----------------------------------------------------------------------------| -| Active | Yes | Allows administrators to revoke the PAT, such as for a compromised account | -| Expired | No | Not applicable; token is already expired | -| Revoked | No | Not applicable; token is already revoked | - -When a PAT is revoked from the credentials inventory, the instance notifies the user by email. +The access token is revoked and the user is notified by email.  -## Delete a user's SSH key +## Delete SSH keys + +To delete SSH keys for enterprise users in your group: 1. On the left sidebar, select **Secure**. 1. Select **Credentials**. 1. Select the **SSH Keys** tab. -1. By the SSH key, select **Delete**. +1. Next to the SSH key, select **Delete**. -The instance notifies the user. +The SSH key is deleted and the user is notified.  -## Revoke a project or group access token +## Revoke project or group access tokens -Credentials inventory on GitLab.com does not support viewing or revoking project or group access tokens. +You cannot view or revoke project or group access tokens using the credentials inventory on GitLab.com. [Issue 498333](https://gitlab.com/gitlab-org/gitlab/-/issues/498333) proposes to add this feature. diff --git a/doc/user/project/repository/signed_commits/gpg.md b/doc/user/project/repository/signed_commits/gpg.md index 83e5c2bb3ad7f4601dacb2ac3cb8785dd501473c..49cae42f21cd87e37c7a98d197be54efe96f2a26 100644 --- a/doc/user/project/repository/signed_commits/gpg.md +++ b/doc/user/project/repository/signed_commits/gpg.md 
@@ -266,7 +266,7 @@ If you must unverify both future and past commits, - [Managing OpenPGP Keys](https://riseup.net/en/security/message-security/openpgp/gpg-keys) - [OpenPGP Best Practices](https://riseup.net/en/security/message-security/openpgp/best-practices) - [Creating a new GPG key with subkeys](https://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/) (advanced) - - [Review existing GPG keys in your instance](../../../../administration/credentials_inventory.md#review-existing-gpg-keys) + - [View GPG keys in your instance](../../../../administration/credentials_inventory.md#view-gpg-keys) ## Troubleshooting diff --git a/doc/user/ssh.md b/doc/user/ssh.md index 67977ddc8d714bf151a7f27903c51c22b1c0ea3a..eeaeda524daf75ec543290bd2362b3b5b310f9eb 100644 --- a/doc/user/ssh.md +++ b/doc/user/ssh.md @@ -356,7 +356,7 @@ To use SSH with GitLab, copy your public key to your GitLab account: 1. Optional. Select the **Usage type** of the key. It can be used either for `Authentication` or `Signing` or both. `Authentication & Signing` is the default value. 1. Optional. Update **Expiration date** to modify the default expiration date. - Administrators can view expiration dates and use them for - guidance when [deleting keys](../administration/credentials_inventory.md#delete-a-users-ssh-key). + guidance when [deleting keys](../administration/credentials_inventory.md#delete-ssh-keys). - GitLab checks all SSH keys at 01:00 AM UTC every day. It emails an expiration notice for all SSH keys that are scheduled to expire seven days from now. - GitLab checks all SSH keys at 02:00 AM UTC every day. It emails an expiration notice for all SSH keys that expire on the current date. 1. Select **Add key**.
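Review bot: In doc/administration/credentials_inventory.md, the new `{{< history >}}` entry says group access tokens were added in GitLab 15.6, but the rewritten body never mentions group access tokens again. The capability list covers only "Revoke personal or project access tokens" and "Delete SSH keys", and the removed list (PATs, project access tokens, group access tokens, SSH keys, GPG keys) was the only statement of which credential types the inventory shows. Suggest keeping a short list of covered types so the history entry has a referent and an administrator auditing access can tell what is listed. Two smaller points in the same hunk: the old text listed "an expiration date set" as a reason the **Revoke** button can be missing, while the new note covers only expired or revoked tokens, so confirm that case was dropped on purpose; and "GitLab self-managed" in the new lead sentence should match the "GitLab Self-Managed" capitalization in the title.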
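Review bot: In doc/user/group/credentials_inventory.md, the enterprise-user restriction now appears only on the third bullet of the capability list ("Review credential details for your [enterprise users]..."), so "Revoke personal access tokens" and "Delete SSH keys" read as applying to any user in the group, while the task intros below say "for enterprise users in your group". Suggest moving the qualifier into the lead-in, for example "As the Owner for a top-level group, you can do the following for your enterprise users:", so the scope of revocation is stated once and consistently. Separately, the heading "Revoke project or group access tokens" names an action the section says is not possible; a heading that states the limitation would be less misleading in the page's table of contents. The removed "expiration date set" case also applies here and should be confirmed as intentional.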
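Review bot: The link updates in gpg.md and ssh.md cover only `#review-existing-gpg-keys` and `#delete-a-users-ssh-key`, but this patch also renames the headings behind `#revoke-a-users-personal-access-token` (both credentials inventory pages) and `#revoke-a-users-project-access-token`, and the `#delete-a-users-ssh-key` anchor on the GitLab.com page. Please search the docs for remaining inbound links to the old anchors before merging, since no such updates are visible in this diff and a stale anchor lands the reader at the top of the page rather than at the revoke or delete procedure.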