Audit Logs
Every state-changing operation and sensitive read is logged. Audit logs are immutable and cannot be deleted.
Query logs
Filter by action
Filter by actor
Filter by resource type
Pagination
The cursor value is returned in the previous response when more entries are available.
Logged actions
| Action | Trigger |
|---|---|
| auth.login | Login code requested |
| auth.logout | Session invalidated |
| org.create / org.update / org.delete | Organization changes |
| org.member_invite / org.member_remove / org.member_role_update | Membership changes |
| project.create / project.update / project.delete | Project changes |
| env.create / env.delete | Environment changes |
| secret.set / secret.read / secret.delete | Secret operations |
| acl.grant / acl.revoke | Access rule changes |
| service_account.create / service_account.revoke | Service account changes |
What’s captured
Each log entry includes:
- Actor: user email or service account name
- Action: what happened
- Resource: type and ID of the affected resource
- Organization: which org context
- IP address: client IP (from reverse proxy `X-Real-Ip` header)
- Metadata: action-specific context (e.g., secret key name, version number)
- Timestamp: UTC
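An added example, not part of the original documentation: a sliding-window check over exported audit entries that flags an actor reading several distinct secrets in a short time. The entry key names (`actor`, `action`, `ip`, `timestamp`, `metadata.key`), the sample data, and the window and threshold values are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def entry(actor, action, ip, ts, **metadata):
    # Key names are assumptions modelled on the fields listed above,
    # not the service's documented response schema.
    return {"actor": actor, "action": action, "ip": ip,
            "timestamp": ts, "metadata": metadata}


# Constructed sample data (documentation-range IPs, made-up actors and keys).
SAMPLE = [
    entry("alice@example.com", "auth.login", "198.51.100.7", "2024-05-01T09:00:00Z"),
    entry("alice@example.com", "secret.read", "198.51.100.7", "2024-05-01T09:01:00Z", key="SMTP_PASSWORD"),
    entry("alice@example.com", "secret.read", "198.51.100.7", "2024-05-01T09:30:00Z", key="API_TOKEN"),
    entry("ci-deploy", "secret.read", "203.0.113.20", "2024-05-01T10:00:00Z", key="DB_PASSWORD"),
    entry("ci-deploy", "secret.read", "203.0.113.20", "2024-05-01T10:00:20Z", key="API_TOKEN"),
    entry("ci-deploy", "secret.read", "203.0.113.20", "2024-05-01T10:00:40Z", key="DB_PASSWORD"),
    entry("ci-deploy", "secret.read", "203.0.113.20", "2024-05-01T10:01:10Z", key="SIGNING_KEY"),
    entry("ci-deploy", "secret.read", "203.0.113.20", "2024-05-01T10:20:00Z", key="DB_PASSWORD"),
]


def parse_ts(value):
    # Timestamps are UTC; accept a trailing "Z" on older Python versions.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def read_bursts(entries, window=timedelta(minutes=5), threshold=3):
    """Alert when one actor reads >= threshold distinct secrets inside window."""
    recent = defaultdict(deque)  # actor -> (time, key) pairs still inside the window
    alerts = []
    for e in sorted(entries, key=lambda e: parse_ts(e["timestamp"])):
        if e["action"] != "secret.read":
            continue
        now = parse_ts(e["timestamp"])
        q = recent[e["actor"]]
        q.append((now, e["metadata"].get("key", "<unknown>")))
        while now - q[0][0] > window:  # drop reads that aged out
            q.popleft()
        keys = sorted({k for _, k in q})
        if len(keys) >= threshold:
            alerts.append({"actor": e["actor"], "ip": e["ip"],
                           "at": e["timestamp"], "keys": keys})
            q.clear()  # report each burst once
    return alerts


if __name__ == "__main__":
    for alert in read_bursts(SAMPLE):
        print(alert)
```

Repeated reads of the same key do not raise the count, so a job that polls one secret stays quiet while a sweep across many keys is reported once per burst.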
Access
Audit logs require org admin role or superadmin.
REST API
Response: