Add audit logging for all mutating gRPC operations

Log Info-level audit events on success for:
- system: Init, Unseal, Seal
- auth: Login, Logout
- engine: Mount, Unmount
- policy: CreatePolicy, DeletePolicy
- ca: ImportRoot, CreateIssuer, DeleteIssuer, IssueCert, RenewCert

Each log line includes relevant identifiers (mount, issuer, serial, CN,
SANs, username) so that certificate issuance and other privileged
operations are traceable in the server logs.

Co-authored-by: Junie <junie@jetbrains.com>
2026-03-15 13:11:17 -07:00
parent 8215aaccc5
commit 65c92fe5ec
8 changed files with 45 additions and 7 deletions


@@ -284,6 +284,8 @@ type CertSummary struct {
Issuer string
CommonName string
Profile string
IssuedBy string
IssuedAt string
ExpiresAt string
}
@@ -300,6 +302,10 @@ func (c *VaultClient) ListCerts(ctx context.Context, token, mount string) ([]Cer
Issuer: s.Issuer,
CommonName: s.CommonName,
Profile: s.Profile,
IssuedBy: s.IssuedBy,
}
if s.IssuedAt != nil {
cs.IssuedAt = s.IssuedAt.AsTime().Format("2006-01-02T15:04:05Z")
}
if s.ExpiresAt != nil {
cs.ExpiresAt = s.ExpiresAt.AsTime().Format("2006-01-02T15:04:05Z")
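Review bot: The layout literal `"2006-01-02T15:04:05Z"` now appears twice in ListCerts, in the new IssuedAt branch and in the existing ExpiresAt branch. Its trailing `Z` is a fixed character, not a zone verb, so the string is only truthful while the formatted value is in UTC. That presumably holds here if `AsTime()` is the protobuf timestamp helper, but nothing in the hunk enforces it, and these fields are what an operator would correlate with the new audit log lines. I would make the UTC assumption explicit and share the layout, e.g. `cs.IssuedAt = s.IssuedAt.AsTime().UTC().Format(time.RFC3339)` (this needs the `time` import if the file lacks it), or a single file-level `const certTimeLayout = "2006-01-02T15:04:05Z"` with a comment that callers must pass UTC. The body of ListCerts starts and ends outside the hunk, so the same change applies to the ExpiresAt line shown as context.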