Doppler Logo

Glossary

Audit Logs

Knowing when changes are made, especially high-risk ones, and who makes them can be an important tool for a high-performance team. Audit logs can collect and display a wide array of information, from adding and removing team members from projects to different facets of when and how secrets are modified. Understanding who accessed a secret, when they accessed it, and what medium they accessed it through is necessary to be confident in your security posture.

Secrets access logs, a type of audit log, allow workplaces to understand which actors have accessed a secret. Users with the appropriate permissions can see the actor, access method, and the first time it was read, as well as the most recent time it was read. Each actor is distinctly represented and filterable in the access log. Actors can include Users, Service Tokens, Personal Access Tokens, CLI Tokens, or other access granted via tokens, such as Kubernetes Operators, Terraform Providers, or API.

In secrets management services like Doppler, a secret isn’t passively accessible, so each time a secret is viewed or otherwise accessed, the system will log this action. For example, in Doppler’s dashboard, the secret’s value is fetched and displayed only once the user clicks on the secret’s value input. This makes it easy for the audit log system to identify which actor clicked on which secret and what time they clicked on it.

This system of tracking secrets access is a powerful tool in the prevention and remediation of data breaches. Automatic alerts and updates help identify irregular secrets access, and audit logs help security teams identify which accounts might be compromised so they can revoke access before excessive damage occurs.

Audit logs aren’t just important internal tools - they’re also among the standards used to determine and maintain compliance with modern data protection standards, like HIPAA, CCPA, or the GDPR. Using a secrets management solution with comprehensive audit logs helps ensure your development team is in compliance with these data protection and privacy regulations.

Back to glossary
Share
Enjoying this content? Stay up to date and get our latest glossarys, guides, and tutorials.

Related Content

Explore More
Common questions for enterprise secrets management
Security
Common questions for enterprise secrets managementDoppler empowers enterprises to focus on innovation and development rather than struggling with credential management.
Read More
Improving SOC criteria with Doppler
Security
Improving SOC criteria with DopplerFeatures like User Groups, Logging, and Automated Rotation help development teams meet SOC 2 compliance requirements and strengthen security practices.
Read More
Securely sharing secrets across distributed teams
Security
Securely sharing secrets across distributed teamsLearn how to securely share secrets like API keys and credentials across distributed teams while avoiding common security pitfalls
Read More

Enter the new era of secrets management

Trusted by the world’s best DevOps and security teams. Doppler is the secrets manager developers love.

Start for FreeGet Demo