Deprecation announcement for non expiring access tokens

d4282a43 · Hannah Sutor · Evan Read · ef4469c0 · d4282a43 · d4282a43
--- a/data/deprecations/15-4-non-expiring-access-tokens.yml
+++ b/data/deprecations/15-4-non-expiring-access-tokens.yml
+- name: "Non-expiring access tokens"
+  announcement_milestone: "15.4"
+  announcement_date: "2022-09-22"
+  removal_milestone: "16.0"
+  removal_date: "2022-05-22"
+  breaking_change: true
+  reporter: hsutor
+  body: |  # Do not modify this line, instead modify the lines below.
+    Currently, you can create access tokens that have no expiration date. These access tokens are valid indefinitely, which presents a security risk if the access token is
+    divulged. Because expiring access tokens are better, from GitLab 15.3 we [populate a default expiration date](https://gitlab.com/gitlab-org/gitlab/-/issues/348660).
+
+    In GitLab 16.0, any personal, project, or group access token that does not have an expiration date will automatically have an expiration date set at one year.
+
+    We recommend giving your tokens an expiration date in line with your company's security policies before the default is applied in GitLab 16.0.
+  stage: Manage
+  tiers: [Free, Premium, Ultimate]
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/369122
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -45,6 +45,30 @@ sole discretion of GitLab Inc.

 <div class="announcement-milestone">

+## Announced in 15.4
+
+<div class="deprecation removal-160 breaking-change">
+
+### Non-expiring access tokens
+
+Planned removal: GitLab <span class="removal-milestone">16.0</span> (2022-05-22)
+
+WARNING:
+This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+Review the details carefully before upgrading.
+
+Currently, you can create access tokens that have no expiration date. These access tokens are valid indefinitely, which presents a security risk if the access token is
+divulged. Because expiring access tokens are better, from GitLab 15.3 we [populate a default expiration date](https://gitlab.com/gitlab-org/gitlab/-/issues/348660).
+
+In GitLab 16.0, any personal, project, or group access token that does not have an expiration date will automatically have an expiration date set at one year.
+
+We recommend giving your tokens an expiration date in line with your company's security policies before the default is applied in GitLab 16.0.
+
+</div>
+</div>
+
+<div class="announcement-milestone">
+
 ## Announced in 15.3

 <div class="deprecation removal-160 breaking-change">