To help teams keep track of when a secret was accessed and by whom, SecretHub logs every action on a secret.
To show the audit log of actions on a repository or secret, you can use the
secrethub audit [options] <namespace>/<repo>[/<secret-path>]
audit command prints out a list of audit events in tabular or JSON format.
The default tabular format is intended for browsing only, for scripting the JSON format should be used.
Note that the audit log can only been shown, but never modified.
Pagination new in v0.39.0
Because of the potential big number of audit events, by default a pager is user to paginate the output of
The command used for pagination is the first match in this list:
- The command specified by the
lessif it is available on the system.
moreif it is available on the system.
If none of the above is available, no pagination is used and only 100 entries are outputted.
No pagination is performed when the output of
audit is piped to another process.
In that case, a maximum of 1000 entries is outputted.
This 1000 limit can be changed with the
- The path to the repository or secret to show the audit log for.
--output-formatnew in v0.39.0
- Specify the format in which to output the log. Options are:
json. Defaults to
--max-resultsnew in v0.39.0
- Specify the number of entries to list. Defaults to -1, which does not limit the number of entries. If the output of the command is piped, it defaults to
- Show timestamps formatted to RFC3339 instead of human readable durations.