Auditing secrets

On 26 Sept 2023, there will be significant improvements to the Security & Encryption Cloud app. Learn more.

Audit logs show chronological events around secrets in the space, who interacted and made changes to the secrets. You may use the audit logs to run audit reports, review access to secrets, find out any unintended access, detect suspicious activities and provide supporting evidence of your organization's security compliance.

The audit logs page shows event records of all secrets within the space.

Records are kept for 90 days and cannot be deleted. Only the space administrators are able to see audit logs.

Accessing audit logs

On the left sidebar, click Secret Administrator.
Click on Audit logs tab.

You can't see this tab if you're not a space administrator.
You'll see a table of audit information.
Use the input box at the top to filter by secret name or secret ID.

Audit log details

The following items are available for each row in the audit logs.

Item	Description
Date	The date and time (in your current timezone) the event took place.
User	The Confluence user who performed the event.
Change	The type of event. It can be one of the following: Created Modified Deleted Restored (see Restoring deleted secrets) Purged (permanently deleted, cannot be restored) Decrypted (successful access to the secret) Attempted (failed access to the secret, typically due to insufficient permissions)
Item affected	Name of the secret (and its ID).
Origin	The page location where the event was performed. When marked as "-", the event was performed in the main secrets page or administration pages (available from the sidebar).
Version	The version of the secret when the event took place.