Auditing secrets

Audit logs show chronological events around secrets in the space, who interacted and made changes to the secrets. You may use the audit logs to run audit reports, review access to secrets, find out any unintended access, detect suspicious activities and provide supporting evidence of your organization's security compliance.

The audit logs page shows event records of all secrets within the space.

Records are kept for 90 days and cannot be deleted. Only the space administrators are able to see audit logs.

Accessing audit logs

  1. On the left sidebar, click Secrets.


  2. Click on Audit logs tab.

    (warning) You can't see this tab if you're not a space administrator.



  3. You'll see a table of audit information. 

    Use the input box at the top to filter by secret name or secret ID.



Audit log details

The following items are available for each row in the audit logs.

ItemDescription
DateThe date and time (in your current timezone) the event took place.
UserThe Confluence user who performed the event.
Change

The type of event. It can be one of the following:

  • Created
  • Modified
  • Deleted
  • Restored (see Restoring deleted secrets)
  • Purged (permanently deleted, cannot be restored)
  • Decrypted (successful access to the secret)
  • Attempted (failed access to the secret, typically due to insufficient permissions)
Item affectedName of the secret (and its ID).
Origin

The page location where the event was performed.

When marked as "-", the event was performed in the main secrets page or administration pages (available from the sidebar).

VersionThe version of the secret when the event took place.