Skip to main content
Enkryptify records all significant actions in an append-only audit log. Each entry is linked to the previous one with a cryptographic hash, making any tampering detectable.

What is logged

The audit log captures four types of actions:
ActionDescription
CREATEA new resource was created (e.g. project, environment, secret, member, …)
UPDATEAn existing resource was modified
DELETEA resource was removed
VIEWA sensitive read occurred (e.g. viewing secret values)

What each entry contains

Every audit log entry records:
  • Actor — the user ID and username who performed the action
  • Action — CREATE, UPDATE, DELETE, or VIEW
  • Entity — the resource type and ID that was affected
  • Data before — the state of the resource before the action (for updates and deletes)
  • Data after — the state of the resource after the action (for creates and updates)
  • Scope — the context of the action (e.g. which environment or project)
  • Timestamp — when the action occurred

Tamper evidence

Each log entry carries a SHA-256 hash computed from its own content and the hash of the previous entry, forming a hash chain. This means:
  • Modifying any entry changes its hash, which breaks the chain at that point
  • Deleting an entry creates a gap in the chain
  • Inserting a fake entry breaks the hash link between surrounding entries
Enkryptify periodically verifies the hash chain to detect any tampering. If a break is found, it indicates that the log has been altered.

Viewing audit logs

Audit logs are currently not accessible from the dashboard. We are working on a total overhaul of the audit logging system to include more information and proactively notify you if any tampering is detected. This will all be visible to admins in the future. If you need to view audit logs today, please contact us and we will help you.