HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
HashiCorp Cloud Platform
HashiCorp Cloud Platform Home

Audit logs

HCP Vault Secrets provides audit logs for all events. These logs capture which users and service principals performed which operations, such as reading or deleting a secret.

View audit logs

  1. Log into HCP Portal. It opens the last project you were in. Choose the target project if it is different.

  2. Select Vault Secrets > Apps.

  3. Select the application name you wish to view.

  4. Select Audit Logs. Audit Logs

Using the audit logs, you can learn the following information:

  • Event - the type of operation
  • Triggered By - the user email or service principal and client IP address from where the request originated
  • Scope - the scope an operation was executed on. For example, if a new application was created, the scope of the event is application.
  • Interface - the client interface used for the request (such as UI, CLI, API)
  • Timestamp - the time of the event

Application deletion events

The audit log viewer within the HCP UI is currently at the application level, therefore if an application is deleted, you can no longer able view its audit logs using the UI. Use log streaming to retain audit log events for deleted applications.

Audit log streaming

Standard tier

This feature is available in HCP Vault Secrets Standard tier.

HCP Vault Secrets audit log events can be streamed to an external provider with the Standard tier. Refer to HCP audit log streaming for more information on supported providers and steps to configure.

Edit this page on GitHub