HashiCorp Cloud Platform
Audit logs
HCP Vault Secrets provides audit logs for all events. These logs capture which users and service principals performed which operations, such as reading or deleting a secret.
View audit logs
Log into HCP Portal. It opens the last project you were in. Choose the target project if it is different.
Select Vault Secrets > Apps.
Select the application name you wish to view.
Select Audit Logs.
Using the audit logs, you can learn the following information:
- Event - the type of operation
- Triggered By - the user email or service principal and client IP address from where the request originated
- Scope - the scope an operation was executed on. For example, if a new application was created, the scope of the event is application.
- Interface - the client interface used for the request (such as UI, CLI, API)
- Timestamp - the time of the event
Application deletion events
The audit log viewer within the HCP UI is currently at the application level, therefore if an application is deleted, you can no longer able view its audit logs using the UI. Use log streaming to retain audit log events for deleted applications.
Audit log streaming
Plus tier
This feature is available in HCP Vault Secrets Plus tier.
HCP Vault Secrets audit log events can be streamed to an external provider with the Plus tier. Refer to HCP audit log streaming for more information on supported providers and steps to configure.