Audit Logs
Understand how Hanzo KMS logs activity and supports external audit streaming.
Hanzo KMS records a detailed audit trail of actions across the platform — providing deep visibility into access, changes, and usage for security and compliance purposes.
Every interaction with Hanzo KMS resources generates an audit event. These events are immutable and include metadata such as the actor, event type, affected resources, timestamp, IP address, and client source.
Audit logs enable teams to:
- Monitor access and changes to secrets, certificates, and infrastructure.
- Investigate incidents with full context around who did what, when, and how.
- Meet compliance and governance requirements with structured activity records.
To learn more, refer to the audit logs documentation.
Log Coverage
Hanzo KMS tracks dozens of event types across the platform — including secret access, permission changes, certificate issuance, SSH session activity, and identity management.
Each audit entry includes structured fields that make it easy to search, filter, and correlate across systems. For example:
- Event Type: Action that occurred (e.g.,
create-secret,issue-ssh-cert). - Actor: Who performed the action (user or machine identity).
- Resource: What was affected (e.g., project, secret, certificate).
- Context: IP address, user agent, permissions, and more.
External Log Streaming
For centralized monitoring and long-term retention, Hanzo KMS supports audit log streaming to external systems.
You can forward logs to SIEM platforms, storage buckets, or observability stacks using JSON-based collectors. Hanzo KMS integrates well with tools like Fluent Bit, enabling teams to route logs to destinations such as:
- AWS S3
- Elasticsearch
- Splunk
- Datadog
- Cloud-native log pipelines
How is this guide?
Last updated on