You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+28Lines changed: 28 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -179,6 +179,34 @@ OpenBao audit logging is enabled with a file audit device by default.
179
179
180
180
Warning: OpenBao blocks requests when no enabled audit device is writable. Keep the audit PVC healthy and sized for retained logs.
181
181
182
+
The device is declared in the OpenBao server config (`roles/openbao/templates/values.yaml.j2`), not via the `sys/audit` API — OpenBao v2.4+ rejects API-driven audit device creation as unsafe.
183
+
184
+
#### Viewing the audit log
185
+
186
+
Entries are one JSON object per line, in `request`/`response` pairs matched by `request.id`. Secret values and tokens are HMAC-SHA256 hashed — the log shows who did what to which path, never the credential itself. Key fields: `auth.display_name` (who), `auth.policies` (with what rights), `request.operation` + `request.path` (did what), `request.remote_address` (from where).
187
+
188
+
All commands run inside the VM (`vagrant ssh`). Rotated files sit next to the live log as `audit.log.<timestamp>`.
0 commit comments