Skip to main content
Enkryptify records every significant action in an append-only audit log. Each entry is linked to the previous one with a cryptographic hash, so any tampering is detectable.

What is logged

The audit log covers actions across your workspace:
CategoryExample events
Secretscreated, updated, deleted, value viewed, value changed
Projects and environmentscreated, updated, deleted
Membersinvited, updated, removed
Teamscreated, updated, deleted
API tokenscreated, rotated, revoked
Syncscreated, updated, deleted
Workspacecreated, updated, deleted
Each entry has a specific event type such as secret.created or secret_value.viewed, a derived action (create, update, delete or view) and a severity (info, notice, warning or critical). Sensitive reads are logged like any other action: viewing a secret value is recorded as a secret_value.viewed event.

What each entry contains

  • Actor: who performed the action (a user, an API token, the CLI or an internal system process), including their name, email and how they authenticated
  • Event: the event type, action, category and severity
  • Target: the affected resource and where it lives (project and environment)
  • Change: the before and after state of the action, with a fingerprint and version (never the value) recorded for secret changes
  • Request context: IP address, approximate location (country, region and city), user agent and a request ID
  • Timestamp: when the action occurred
  • Integrity: a per-workspace sequence number and the hash that links the entry to the rest of the chain

Secret values are never stored

When a secret value is created or changed, the log records a keyed hash (a fingerprint) of the value and a version number, never the value itself. You can see that a value changed and when, while the audit log never holds a secret.

Tamper evidence

Each entry carries a SHA-256 hash computed from its own contents and the hash of the previous entry, forming a hash chain backed by a per-workspace sequence number. This means:
  • Modifying an entry changes its hash and breaks the chain at that point
  • Deleting an entry leaves a gap in the sequence
  • Inserting a fake entry breaks the hash link between the surrounding entries
Enkryptify seals each new entry shortly after it is written and can re-verify the whole chain on demand. Verification recomputes every hash and checks the sequence for gaps, reporting the first break it finds.

Viewing audit logs

Workspace admins can browse the audit log in the dashboard under Audit logs. Selecting an entry opens a detail view with the full actor, target, request context and before/after data.

Filtering

Narrow the log by:
  • Actor
  • Event type, category, action or severity
  • Project, environment or a specific secret
  • IP address
  • Date range
  • Full-text search across actor, resource, project and environment names

Exporting

Export the current view as CSV or JSON for external retention or analysis.