command/audit: Recommend multiple audit devices #18348

Status: Merged (2 commits), Dec 13, 2022
4 changes: 4 additions & 0 deletions command/audit.go
@@ -23,6 +23,10 @@ Usage: vault audit <subcommand> [options] [args]
This command groups subcommands for interacting with Vault's audit devices.
Users can list, enable, and disable audit devices.

*NOTE*: Once an audit device has been enabled, failure to audit could prevent
Vault from servicing future requests. It is highly recommended that you enable
multiple audit devices.

List all enabled audit devices:

$ vault audit list
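Review bot: The failure condition in the added NOTE is left vague: "failure to audit could prevent Vault from servicing future requests" does not say that Vault only refuses requests when no enabled device accepts the entry, which is precisely why a second device helps. Suggest rewording to something like "Vault will refuse to service a request if it cannot write the audit entry to at least one enabled audit device", which matches the "at least one configured audit device" wording added to website/content/docs/audit/index.mdx in this same PR; since the CLI help cannot carry a link, naming the docs page here would also help readers find the blocked-device behaviour.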
18 changes: 15 additions & 3 deletions website/content/docs/audit/index.mdx
@@ -11,10 +11,22 @@ requests and response to Vault. Because every operation with Vault is an API
request/response, when using a single audit device, the audit log contains _every authenticated_ interaction with
Vault, including errors.

Multiple audit devices can be enabled and Vault will attempt to send the audit logs to
all of them. This allows you to not only have redundant copies, but also a way to check for data tampering in the logs themselves.
## Enabling Multiple Devices

When multiple audit devices are enabled, Vault will attempt to send the audit
logs to all of them. This allows you to not only have redundant copies, but also
a way to check for data tampering in the logs themselves.

Vault considers a request to be successful if it can log to *at least* one
configured audit device (see: [Blocked Audit
Devices](/docs/audit#blocked-audit-devices) section below). Therefore in order
to build a complete picture of all audited actions, use the aggregate/union of
the logs from each audit device.

~> Note: It is **highly recommended** that you configure Vault to use multiple audit
devices. Audit failures can prevent Vault from servicing requests, so it is
important to provide at least one other device.

~> Note: When using multiple audit devices, Vault considers a request to be successful if it can log to *at least* one configured audit device (see: [Blocked Audit Devices](/docs/audit#blocked-audit-devices) section below). Therefore in order to build a complete picture of all audited actions, use the aggregate/union of the logs from each audit device.

## Format
