Extending the Audit Log documentation page to include information about secret audit events

123sarahj123 · 123sarahj123 · commit fa6c1cb15e97 · 2024-03-15T14:55:43.000+13:00
diff --git a/pages/pipelines/audit_log.md b/pages/pipelines/audit_log.md
@@ -105,3 +105,142 @@ USER_UPDATED
 ```
 
 You can also set up [Amazon EventBridge](/docs/integrations/amazon-eventbridge) to stream Audit Log events.
+
+
+## Audit Logs for Secrets
+
+>📘 Audit logs for secrets do not contain the value or sensitive information the secret.
+
+
+Audit logs record information of transactions in which secrets are accessed or modified. The following events will be logged:
+* `SECRET_CREATED` This triggers an audit log when a user of an organization that initiated the creation of a secret. Secrets can only be created by a User. Below are the fields captured in the audit log for this event.
+
+  ```
+  {
+    "data"=> {
+      "auditEvent" => {
+        "__typename" => "AuditEvent",
+        "id" => "QXVkaXRFdmVudC0tLTAxOGUzZjBkLTIwZGUtNDZhZS1iNTMxLTU5NjRkYWJjY2M2Zg==",
+        "uuid" => "018e3f0d-20de-46ae-b531-5964dabccc6f",
+        "type" => "SECRET_CREATED",
+        "subject" => {
+          "id" => "QXVkaXRTdWJqZWN0LS0tMDE4ZTNmMGQtMjBkZS00NmFlLWI1MzEtNTk2NGRhYmNjYzZm",
+          "type" => "SECRET",
+          "uuid" => "3d01f85a-0436-49cd-a082-6f8e20dd677e",
+          "node" => {
+            "__typename" => "Secret",
+            "uuid" => "3d01f85a-0436-49cd-a082-6f8e20dd677e",
+            "organization" => {
+              "name" => "Sunny Spot"
+            }
+          }
+        }
+      }
+    }
+  }
+  ```
+
+* `SECRET_DELETED` This triggers an audit log when a secret is deleted by a user of an organization. This is only for when a secret is destroyed, and there is no handling for events such as "revoked" or "expiry". Below are the fields captured in the audit log for this event.
+```
+{
+  "data" => {
+    "auditEvent" => {
+      "__typename" => "AuditEvent",
+      "id" => "QXVkaXRFdmVudC0tLTAxOGUzZjE1LTk0OTEtNGJjMS1iOTY4LWNkYTdkMzk2ZDU0MA==",
+      "uuid" => "018e3f15-9491-4bc1-b968-cda7d396d540",
+      "type" => "SECRET_DELETED",
+      "subject" => {
+        "id" => "QXVkaXRTdWJqZWN0LS0tMDE4ZTNmMTUtOTQ5MS00YmMxLWI5NjgtY2RhN2QzOTZkNTQw",
+        "type" => "SECRET",
+        "uuid" => "d83e4f1f-cc26-43d7-8d2c-d303243d87ee",
+        "node" => {
+          "__typename" => "Secret",
+          "uuid" => "d83e4f1f-cc26-43d7-8d2c-d303243d87ee",
+          "organization" => {
+            "name" => "Sunny Spot"
+          }
+        }
+      }
+    }
+  }
+}
+```
+
+* `SECRET_READ` This triggers an audit event when an actor accesses or reads the value of a secret. Secrets can be read by an agent running a compute job, or read by a user belonging to an organization. Below are the fields captured in the audit log for this event.
+
+```
+{
+  "data" => {
+    "auditEvent" => {
+      "__typename" => "AuditEvent",
+      "id" => "QXVkaXRFdmVudC0tLTAxOGUzZjE5LTlkODgtNDBmZS1iOGIzLTkxMTk5OWNlMmRmMg==",
+      "uuid" => "018e3f19-9d88-40fe-b8b3-911999ce2df2",
+      "type" => "SECRET_READ",
+      "subject" => {
+        "id" => "QXVkaXRTdWJqZWN0LS0tMDE4ZTNmMTktOWQ4OC00MGZlLWI4YjMtOTExOTk5Y2UyZGYy",
+        "type" => "SECRET",
+        "uuid" => "644771e7-10cf-4784-af97-9fdf70402a1c",
+        "node" => {
+          "__typename" => "Secret",
+          "uuid" => "644771e7-10cf-4784-af97-9fdf70402a1c",
+          "organization" => {
+            "name" => "Sunny Spot"
+          }
+        }
+      }
+    }
+  }
+}
+```
+
+* `SECRET_QUERIED` This triggers an audit event when a user belonging to an organization or system identity (such as an agent) when a query is performed to find a secret (or secrets). This event will still trigger if a secret is searched for but does not exist or is not found. Below are the fields captured in the audit log for this event.
+```
+{
+  "data" => {
+    "auditEvent" => {
+      "__typename" => "AuditEvent",
+      "id" => "QXVkaXRFdmVudC0tLTAxOGUzZjRlLTdiNGUtNDQ1ZS04MDI3LWQyZGU4ZjY3MDI0Yg==",
+      "uuid" => "018e3f4e-7b4e-445e-8027-d2de8f67024b",
+      "type" => "SECRET_QUERIED",
+      "subject" => {
+        "id" => "QXVkaXRTdWJqZWN0LS0tMDE4ZTNmNGUtN2I0ZS00NDVlLTgwMjctZDJkZThmNjcwMjRi",
+        "type" => "SECRET",
+        "uuid" => "d906f471-92a9-4725-aad5-d7388280e654",
+        "node" => {
+          "__typename" => "Secret",
+          "uuid" => "d906f471-92a9-4725-aad5-d7388280e654",
+          "organization" => {
+            "name" => "Sunny Spot"
+          }
+        }
+      }
+    }
+  }
+}
+```
+
+* `SECRET_UPDATED` This triggers an audit event when the value or properties of a secret is updated by a user belonging to an organization. As secrets can have many versions, audit logs keeps track of the version identifiers and updates. Below are the fields captured in the audit log for this event.
+```
+{
+  "data" => {
+    "auditEvent" => {
+      "__typename" => "AuditEvent",
+      "id" => "QXVkaXRFdmVudC0tLTAxOGUzZjUxLWViNTMtNGVlZC1hZmRjLWE2ZTdhZjcyMDFkOQ==",
+      "uuid" => "018e3f51-eb53-4eed-afdc-a6e7af7201d9",
+      "type" => "SECRET_UPDATED",
+      "subject" => {
+        "id" => "QXVkaXRTdWJqZWN0LS0tMDE4ZTNmNTEtZWI1My00ZWVkLWFmZGMtYTZlN2FmNzIwMWQ5",
+        "type" => "SECRET",
+        "uuid" => "87a44525-2a66-441a-89f6-8b559364aed9",
+        "node" => {
+          "__typename" => "Secret",
+          "uuid" => "87a44525-2a66-441a-89f6-8b559364aed9",
+          "organization" => {
+            "name" => "Sunny Spot"
+          }
+        }
+      }
+    }
+  }
+}
+```
