HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
Boundary
Boundary Home

You are viewing documentation for version v0.13.x. View latest version.

Common sink parameters

These parameters are shared across all sink types:

  • name - Specify a name for the sink.

  • description - Specify a description for the sink.

  • event_types - Specifies a list of event types that will be sent to the sink. Can be *, error, system, observation or audit.

  • event_source_url - Specifies an optional event source URL for the sink. If not specified, the default source will be composed of the https://hashicorp.com/boundary.io/ServerName/Path/FileName.

  • allow_filters - Specifies a set of predicates for including an event in the sink. If any filter matches, the event will be included. For more information, on using filters see: event filtering

  • deny-filters - Specifies a set predicates for excluding an event in the sink. If any filter matches, the event will be excluded. For more information on using filters see: event filtering

  • format - Specifies the format for the sink. Can be cloudevents-json, cloudevents-text, hclog-json, or hclog-text.

  • type - Specifies the type of sink. Can be stderr or file.

  • audit_config - Specifies configuration for the processing of audit events for the sink. This is ignored if the sink is not configured to receive audit events.

audit_config parameters

audit_filter_overrides parameters

  • sensitive (string: "", "encrypt", "hmac-sha256", "redact") - Specifies the filter operation to apply to fields that are classified as sensitive.

  • secret (string: "", "encrypt", "hmac-sha256", "redact") - Specifies the filter operation to apply to fields that are classified as secret.

audit_config examples

This example is equivalent to the default settings if no audit_config stanza is provided.

audit_config {
  audit_filter_overrides {
    sensitive = "redact"
    secret    = "redact"
  }
}

This example will HMAC sensitive fields, and encrypt secrets.

audit_config {
  audit_filter_overrides {
    sensitive = "hmac-sha256"
    secret    = "encrypt"
  }
}

This example will not apply a filter to sensitive fields.

audit_config {
  audit_filter_overrides {
    sensitive = ""
  }
}
Edit this page on GitHub