command/audit: Recommend multiple audit devices (#18348)

* command/audit: Add note about enabling multiple audit devices

* docs: Recommend multiple audit devices
Mike Palmiotto 2022-12-13 17:51:03 -05:00 committed by GitHub
parent b2aa164c21
commit 4b8747ab51
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 3 deletions


@ -23,6 +23,10 @@ Usage: vault audit <subcommand> [options] [args]
This command groups subcommands for interacting with Vault's audit devices.
Users can list, enable, and disable audit devices.
*NOTE*: Once an audit device has been enabled, failure to audit could prevent
Vault from servicing future requests. It is highly recommended that you enable
multiple audit devices.
List all enabled audit devices:
$ vault audit list
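Review bot: the new *NOTE* in the usage help says "failure to audit could prevent Vault from servicing future requests" but does not say why a second device helps, so the recommendation reads as arbitrary; since the docs change in this same commit states that a request succeeds as long as at least one configured device logs it, phrase the note on that basis, for example: "If no enabled audit device can log a request, Vault will not service it. Enabling more than one audit device keeps Vault available when a single device is blocked." Also consider pointing the reader to the audit documentation for the blocked-device behaviour rather than leaving "failure to audit" undefined in the CLI text.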


@ -11,10 +11,22 @@ requests and response to Vault. Because every operation with Vault is an API
request/response, when using a single audit device, the audit log contains _every authenticated_ interaction with
Vault, including errors.
Multiple audit devices can be enabled and Vault will attempt to send the audit logs to
all of them. This allows you to not only have redundant copies, but also a way to check for data tampering in the logs themselves.
## Enabling Multiple Devices
When multiple audit devices are enabled, Vault will attempt to send the audit
logs to all of them. This allows you to not only have redundant copies, but also
a way to check for data tampering in the logs themselves.
Vault considers a request to be successful if it can log to *at least* one
configured audit device (see: [Blocked Audit
Devices](/docs/audit#blocked-audit-devices) section below). Therefore in order
to build a complete picture of all audited actions, use the aggregate/union of
the logs from each audit device.
~> Note: It is **highly recommended** that you configure Vault to use multiple audit
devices. Audit failures can prevent Vault from servicing requests, so it is
important to provide at least one other device.
~> Note: When using multiple audit devices, Vault considers a request to be successful if it can log to *at least* one configured audit device (see: [Blocked Audit Devices](/docs/audit#blocked-audit-devices) section below). Therefore in order to build a complete picture of all audited actions, use the aggregate/union of the logs from each audit device.
## Format
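Review bot: the hunk now states the same two facts twice. The paragraph "Multiple audit devices can be enabled and Vault will attempt to send the audit logs to all of them ..." and the opening paragraph of "## Enabling Multiple Devices" are near-verbatim copies, and the paragraph beginning "Vault considers a request to be successful if it can log to *at least* one configured audit device" is repeated word for word in the trailing "~> Note: When using multiple audit devices, ...". If the first copy of each pair is a line being removed, the rendered page is hiding that; otherwise keep only the versions under "## Enabling Multiple Devices" and drop the duplicate note so the at-least-one rule is documented in one place. Minor: "Therefore in order to build a complete picture" reads better as "To build a complete picture", and the sentence should make explicit that the union is needed precisely because a request that was logged by only one device appears in only that device's log.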