Enhance accountability and visibility with Secrets and Configs Audit Trails
When you configure the infrastructure for your cloud-native application using our Developer Control Plane, our Secrets and Configs Stores can be used to store the runtime values your application needs to function. Because these values are so critical to your application’s functionality, we’ve enhanced how you can audit the changes made to your configuration by tracking the context of every change that’s made.
This new feature is already available and enabled in your account!
If deployments for a certain application begin failing unexpectedly, for example, you can review the Configs and Secrets audit logs to determine if a configuration change coincides with the emergence of the new issue. And, of course, the contextual data recorded with each configuration change can also be useful in determining if an account of someone on your team has been compromised.
Accessing the Secrets and Configs Logs
To view the changelog for all of your entries, navigate to Settings in the navigation bar of the CTO.ai Dashboard, then click on either Secrets or Configs in the left sidebar to view the appropriate value store.
When you click on the Logs button on the Secrets or Configs dashboard, you’ll be shown a list of entries recording all of the changes that have been made to your stored values. In the screenshot below, you can see how the Config Logs screen displays all of the changes made to Configs in this team on the CTO.ai platform:
As you can see in this example, each logged change to a Configs value includes a few important details:
- Key of the Config that was changed is displayed at the beginning of each row.
- User who made the change.
- Time the change was made.
- Type of change logged by this event: Create, Update, or Delete.
- An option to see more details about the context of the change.
The additional details you can view include details about the user who initiated the action, the user agent that made the change, the IP address from which the action originated, and the full timestamp that it occurred:
Note that changes that were made before this feature was implemented have not been tracked, so the first change you make to a given Secrets or Configs value will be registered as a Create action.
With this new feature, you can ensure that there is accountability for changes made to the configuration of your application’s infrastructure!
Want to see this feature in action? Book a feature demo with one of our experts today!