COMP-264 Updating documentation for audit secret logging (Audit Log section) #2716
base: main
Preview URL: https://2716--bk-docs-preview.netlify.app
I have popped this on the Linear ticket, but will also pop here: Re technical documentation in the docs. Where should this go? Also looking at the cookbook documentation I don't think I should add Secrets there (as the cookbook is for common tasks). This sort of links in with the question in the above comment. I need to write about these audit logs specifically for secrets to reassure that they do not contain sensitive information.
✅ GraphQL schema docs has secret included
✅ ENUMS->AuditEventType have the secret events included
✅ ENUMS->AuditSubjectType has SECRET included
- Extending audit_log.md to include secret audit events for GraphQL, and information about these events
4b47361 to b6ff952
@123sarahj123 has requested that this be put on hold for a few cycles.
Therefore, marking this as 'changes requested' to help block merging.
ON HOLD
Secrets is currently paused while the Compute team focuses on Cache Volumes. See our roadmap here.
Description
This PR just focuses on updating the relevant documentation of the audit event types for Audit Secret Logging.
Docs: Pipelines -> Security -> Audit Log
A major part of incident investigation for secrets is audit logging. We assume that at some point in the future the secrets service will be compromised, either within a tenant or across all tenants. When an event like this happens, it will be important to get a list of the actions the attacker took during the compromise.
Audit events are implemented for creating, reading, updating and destroying a secret from actors across the Agent API, REST API and Web. We want to display relevant information for the user to view the audit logs in the UI.
There is this Linear ticket for creating the public docs for audit secret logging, however that is relying on the Secrets UI and REST API to have been built. This PR just focuses on updating the relevant documentation of the audit event types on the Audit Log section for Audit Secret Logging.
The Audit Secret Logging project has included:
Audit Log page (Docs: Pipelines -> Security -> Audit Log)
These docs are auto-generated and popped up in another PR (Autogenerated GraphQL docs)
Also see more in my PR comment below
Secret type
AgentAPIContext
Agent
Context
BC Post
Linear Ticket
Linear Project for Audit Secret Logging